Analysis Overview
Threat Level: Known bad
The file https://discord.com/login was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Modifies Installed Components in the registry
Downloads MZ/PE file
Drops startup file
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
NTFS ADS
Views/modifies file attributes
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Enumerates system info in registry
Delays execution with timeout.exe
Modifies registry key
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-21 12:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-21 12:37
Reported
2024-02-21 12:53
Platform
win10v2004-20240220-en
Max time kernel
909s
Max time network
910s
Command Line
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD3F95.tmp | C:\Users\Admin\Desktop\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3FAB.tmp | C:\Users\Admin\Desktop\WannaCry-main\WannaCry.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1888637039-960448630-940472005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop | C:\Users\Admin\AppData\Local\Temp\is-U2MAK.tmp\butterflyondesktop.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1888637039-960448630-940472005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop = "C:\\Program Files (x86)\\Butterfly on Desktop\\ButterflyOnDesktop.exe" | C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\hngpyzkollar158 = "\"C:\\Users\\Admin\\Desktop\\WannaCry-main\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\SET6744.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SET6744.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1888637039-960448630-940472005-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\WannaCry-main\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1888637039-960448630-940472005-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Public\Desktop\@[email protected] | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb008.gif | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page3.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\t3.nbd | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb003.gif | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\~GLH0046.TMP | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\spchcpl.exe | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page4.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BBReader.EXE | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Butterfly on Desktop\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-U2MAK.tmp\butterflyondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\t3.nbd-SR | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Snd2.wav | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page13.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\t001.nbd | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\Butterfly on Desktop\is-MESTT.tmp | C:\Users\Admin\AppData\Local\Temp\is-U2MAK.tmp\butterflyondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\BonziBuddy432\Reg.nbd.temp | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Apps.nbd | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j2.nbd | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\s1.nbd | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\speedup.ico | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Regicon.ocx | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\fix.bat | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET6120.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SET6714.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET60FC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET6701.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET60C7.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET60EA.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\intl\SET611F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET6700.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\fonts\SET6713.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET60C7.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET60D8.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET6700.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET60D9.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SET60FD.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET611F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET610E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\help\SET611E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET6701.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET6712.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET610E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET60EA.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET60FB.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SET6714.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET60D8.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET60D9.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET6120.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\help\SET6712.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Peedy.acs | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET60C6.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET60C6.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET60FA.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET60FC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SET60FD.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET60FB.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\SET611E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET6713.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET60FA.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "111" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{322982E0-0855-11D3-9DCF-DDFB3AB09E18}\TypeLib\Version = "1.0" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{157083E0-2368-11CF-87B9-00AA006C8166} | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F6A-055F-11D4-8F9B-00104BA312D6}\TypeLib | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D4C-2CDD-11D3-9DD0-D3CD4078982A}\ = "ISkinScrollBar" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ProgID | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628} | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\Implemented Categories | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\ = "INodes" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD5-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\Programmable | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD7-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E20FD10-1BEB-11CE-80FB-0000C0C14E92}\TypeLib\Version = "1.0" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ = "IListView" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSOptionBase" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F581B2D6-E4C3-40BF-8A1E-F68CDFD8FEEC}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\TypeLib\Version = "3.0" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE8-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55DD814E-A1B7-4808-9625-4F75A3FAD8A7}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCE47F78-8A6C-4C6D-A6F7-8BE4427127C4}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "2.0" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE4-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.COMScript.1 | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628} | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSPanelEvents" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{22DF5084-12BC-4C98-8044-4FAD06F4119A}\ = "__clsBBPlayer" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\Version\ = "1.0" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinEvent.1\CLSID | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\Implemented Categories | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2F5A7562-BDC3-41F8-8122-4A54D2C3C50C}\TypeLib\ = "{29D9184E-BF09-4F13-B356-22841635C733}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628} | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4B-BD0D-11D2-8D14-00104B9E072A}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0 | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628} | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE1-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\ = "IAgentBalloonEx" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{07D0E280-EF44-11CD-836C-0000C0C14E92}\ProxyStubClsid32 | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}\ProgID\ = "ActiveSkin.ComFilters.1" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\ProgID | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E91E27A1-C5AE-11D2-8D1B-00104B9E072A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 775732.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Public\Desktop\@[email protected] | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\shutdown.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\WannaCry-main\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\WannaCry-main\taskse.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e78a46f8,0x7ff8e78a4708,0x7ff8e78a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8
C:\Users\Admin\Downloads\butterflyondesktop.exe
"C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-U2MAK.tmp\butterflyondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-U2MAK.tmp\butterflyondesktop.tmp" /SL5="$B01CA,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8e78a46f8,0x7ff8e78a4708,0x7ff8e78a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5900 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e78a46f8,0x7ff8e78a4708,0x7ff8e78a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8032 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Jigsaw-Ransomware-master\README.md
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 /prefetch:8
C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe
"C:\Users\Admin\Desktop\awaddw\BonziBuddy432.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x344
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7640 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\I_LOVE_YOU-Virus-master\Love.bat" "
C:\Windows\system32\timeout.exe
timeout 10
C:\Windows\system32\shutdown.exe
shutdown -s -t 100
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,2458210947098327613,14012670421758466120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Users\Admin\Desktop\WannaCry-main\WannaCry.EXE
"C:\Users\Admin\Desktop\WannaCry-main\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Desktop\WannaCry-main\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 18491708519930.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Desktop\WannaCry-main\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Desktop\WannaCry-main\@[email protected]
C:\Users\Admin\Desktop\WannaCry-main\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Public\Desktop\@[email protected]
"C:\Users\Public\Desktop\@[email protected]"
C:\Users\Admin\Desktop\WannaCry-main\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Desktop\WannaCry-main\@[email protected]
C:\Users\Admin\Desktop\WannaCry-main\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "hngpyzkollar158" /t REG_SZ /d "\"C:\Users\Admin\Desktop\WannaCry-main\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "hngpyzkollar158" /t REG_SZ /d "\"C:\Users\Admin\Desktop\WannaCry-main\tasksche.exe\"" /f
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3897855 /state1:0x41c64e6d
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.130.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 203.33.253.131.in-addr.arpa | udp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| GB | 92.123.128.177:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.190:443 | th.bing.com | tcp |
| GB | 92.123.128.138:443 | r.bing.com | tcp |
| GB | 92.123.128.138:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 190.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | butterflies-u1y.en.softonic.com | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 35.227.233.104:443 | butterflies-u1y.en.softonic.com | tcp |
| US | 35.227.233.104:443 | butterflies-u1y.en.softonic.com | tcp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 35.227.233.104:443 | softonic.com | tcp |
| US | 35.227.233.104:443 | softonic.com | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| CH | 18.165.183.4:443 | sdk.privacy-center.org | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| FR | 52.222.145.16:443 | c.amazon-adsystem.com | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | 104.233.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.84.84.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.145.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.103.224.13.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| US | 35.227.233.104:443 | softonic.com | udp |
| CH | 13.224.93.118:443 | www.datadoghq-browser-agent.com | tcp |
| FR | 52.222.145.16:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| NL | 142.250.179.187:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| CH | 18.165.183.39:443 | config.aps.amazon-adsystem.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 118.93.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 187.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| BE | 142.251.173.155:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.173.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.240.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| BE | 142.251.173.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 709a1539fdef125c38e923b66e2c2c4f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| GB | 216.58.204.65:443 | 709a1539fdef125c38e923b66e2c2c4f.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| CH | 18.165.183.74:443 | api.privacy-center.org | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| IE | 46.137.68.105:443 | ap.lijit.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.77.71.210:443 | ad.360yield.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| FR | 52.222.160.111:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.213.14:443 | ampcid.google.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.68.137.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.71.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.241.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.160.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.224.150:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.224.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| GB | 2.17.4.21:443 | contextual.media.net | tcp |
| IE | 34.254.42.124:443 | ce.lijit.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.4.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.42.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | butterfly-on-desktop.soft32.com | udp |
| CH | 18.165.183.31:443 | butterfly-on-desktop.soft32.com | tcp |
| CH | 18.165.183.31:443 | butterfly-on-desktop.soft32.com | tcp |
| US | 8.8.8.8:53 | d3gx3uz4yj2hnq.cloudfront.net | udp |
| CH | 13.224.98.195:443 | d3gx3uz4yj2hnq.cloudfront.net | tcp |
| CH | 13.224.98.195:443 | d3gx3uz4yj2hnq.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 31.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.98.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3fnqfpn2r2a3x.cloudfront.net | udp |
| US | 8.8.8.8:53 | d22blwhp6neszm.cloudfront.net | udp |
| CH | 18.165.185.62:443 | d22blwhp6neszm.cloudfront.net | tcp |
| CH | 13.224.98.72:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| CH | 13.224.98.72:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| CH | 13.224.98.72:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| CH | 13.224.98.72:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| CH | 13.224.98.72:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| CH | 13.224.98.72:443 | d3fnqfpn2r2a3x.cloudfront.net | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 216.58.204.66:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | soft32.disqus.com | udp |
| US | 199.232.192.134:443 | soft32.disqus.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 151.101.0.134:443 | disqus.com | tcp |
| CH | 18.165.183.52:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | tempest.services.disqus.com | udp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 199.232.192.64:443 | tempest.services.disqus.com | tcp |
| US | 199.232.192.64:443 | tempest.services.disqus.com | tcp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| CH | 18.165.183.52:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | 62.185.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.98.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.146.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 151.101.1.44:443 | cdn.taboola.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | drugnom0x8w61.cloudfront.net | udp |
| CH | 18.165.185.141:443 | drugnom0x8w61.cloudfront.net | tcp |
| US | 151.101.2.137:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | b83c36b74a2eeb69201857035c7909ce.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | trc-events.taboola.com | udp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.185.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.228.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| IT | 142.251.209.3:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 3.209.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| IT | 142.251.209.3:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 8d6765bdf9241eaeb6151580ac0b8155.safeframe.googlesyndication.com | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.centerbodyapps.com | udp |
| US | 204.11.56.48:443 | js.centerbodyapps.com | tcp |
| US | 204.11.56.48:443 | js.centerbodyapps.com | tcp |
| US | 8.8.8.8:53 | b2adc396057741c71f7f3582e0a4cf78.safeframe.googlesyndication.com | udp |
| US | 204.11.56.48:443 | js.centerbodyapps.com | tcp |
| US | 8.8.8.8:53 | 2b187ae06296b8cbf92fe180a1f0fa18.safeframe.googlesyndication.com | udp |
| US | 204.11.56.48:443 | js.centerbodyapps.com | tcp |
| US | 8.8.8.8:53 | aa08de8a946ef8f33b8b02b518ded55e.safeframe.googlesyndication.com | udp |
| US | 204.11.56.48:443 | js.centerbodyapps.com | tcp |
| US | 8.8.8.8:53 | 9c235dca53e4b61ec165a0676c112590.safeframe.googlesyndication.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pchelpsoft.com | udp |
| US | 104.26.1.116:443 | pchelpsoft.com | tcp |
| US | 104.26.1.116:443 | pchelpsoft.com | tcp |
| US | 8.8.8.8:53 | www.pchelpsoft.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cloud.pchelpsoft.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 216.239.32.21:443 | cloud.pchelpsoft.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.26.1.100:443 | get.geojs.io | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 116.1.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.1.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.pchelpsoft.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.18.131.236:443 | cdn.cookielaw.org | tcp |
| CA | 64.18.87.10:443 | store.pchelpsoft.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 104.18.131.236:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 10.87.18.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.131.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal-eu.onetrust.com | udp |
| US | 8.8.8.8:53 | analytics.fatmedia.io | udp |
| US | 216.239.34.21:443 | analytics.fatmedia.io | tcp |
| US | 104.18.32.137:443 | privacyportal-eu.onetrust.com | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.174.119.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.34.239.216.in-addr.arpa | udp |
| US | 204.11.56.48:443 | js.centerbodyapps.com | tcp |
| US | 8.8.8.8:53 | 9be29fe26f91c979c6844f887ca88381.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 88.221.135.114:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 114.135.221.88.in-addr.arpa | udp |
| GB | 88.221.135.114:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | freedesktopsoft.com | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.14:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:80 | connect.facebook.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 95.117.46.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| GB | 172.217.16.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.3:80 | fonts.gstatic.com | tcp |
| GB | 142.250.180.3:80 | fonts.gstatic.com | tcp |
| GB | 172.217.16.225:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 22.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adclick.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | download.wavebrowser.co | udp |
| US | 44.206.175.177:443 | download.wavebrowser.co | tcp |
| US | 8.8.8.8:53 | api.wavebrowser.co | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| US | 52.203.8.29:443 | api.wavebrowser.co | tcp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| GB | 88.221.134.122:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | 177.175.206.44.in-addr.arpa | udp |
| US | 52.203.8.29:443 | api.wavebrowser.co | tcp |
| US | 8.8.8.8:53 | app.posthog.com | udp |
| US | 8.8.8.8:53 | app.termly.io | udp |
| US | 104.22.58.181:443 | app.posthog.com | tcp |
| US | 104.22.58.181:443 | app.posthog.com | tcp |
| US | 104.18.30.234:443 | app.termly.io | tcp |
| US | 104.18.30.234:443 | app.termly.io | tcp |
| US | 52.203.8.29:443 | api.wavebrowser.co | tcp |
| US | 8.8.8.8:53 | 115.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.8.203.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.30.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.58.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 104.18.30.234:443 | app.termly.io | tcp |
| US | 8.8.8.8:53 | api.mywavehome.net | udp |
| US | 8.8.8.8:53 | api.wavebrowserbase.com | udp |
| US | 34.232.91.25:443 | api.wavebrowserbase.com | tcp |
| US | 52.203.8.29:443 | api.wavebrowserbase.com | tcp |
| US | 52.203.8.29:443 | api.wavebrowserbase.com | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.91.232.34.in-addr.arpa | udp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| GB | 142.250.180.3:80 | fonts.gstatic.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.136:443 | r.bing.com | tcp |
| GB | 92.123.128.132:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 136.128.123.92.in-addr.arpa | udp |
| GB | 92.123.128.136:443 | r.bing.com | tcp |
| GB | 92.123.128.132:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 88.221.134.139:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 139.134.221.88.in-addr.arpa | udp |
| GB | 92.123.128.136:443 | r.bing.com | tcp |
| GB | 92.123.128.132:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | etactics.com | udp |
| US | 198.185.159.144:443 | etactics.com | tcp |
| US | 198.185.159.144:443 | etactics.com | tcp |
| US | 8.8.8.8:53 | images.squarespace-cdn.com | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 8.8.8.8:53 | assets.squarespace.com | udp |
| US | 151.101.0.238:443 | images.squarespace-cdn.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| GB | 88.221.134.88:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | static1.squarespace.com | udp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | kit.fontawesome.com | udp |
| US | 151.101.0.238:443 | static1.squarespace.com | tcp |
| US | 104.18.40.68:443 | kit.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 144.159.185.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.hsforms.net | udp |
| US | 8.8.8.8:53 | ka-f.fontawesome.com | udp |
| US | 8.8.8.8:53 | js.hs-scripts.com | udp |
| US | 8.8.8.8:53 | a.omappapi.com | udp |
| US | 8.8.8.8:53 | sc.lfeeder.com | udp |
| US | 104.16.137.206:443 | js.hsforms.net | tcp |
| US | 172.64.204.20:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.204.20:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.204.20:443 | ka-f.fontawesome.com | tcp |
| US | 104.16.187.89:443 | js.hs-scripts.com | tcp |
| GB | 143.244.38.136:443 | a.omappapi.com | tcp |
| CH | 18.165.183.39:443 | sc.lfeeder.com | tcp |
| US | 8.8.8.8:53 | forms.hsforms.com | udp |
| US | 104.18.176.125:443 | forms.hsforms.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 8.8.8.8:53 | 206.137.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.204.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.187.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| GB | 88.221.134.88:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | api.omappapi.com | udp |
| US | 8.8.8.8:53 | cdn.userway.org | udp |
| US | 172.66.41.8:443 | api.omappapi.com | tcp |
| GB | 195.181.164.19:443 | cdn.userway.org | tcp |
| US | 8.8.8.8:53 | js.hsleadflows.net | udp |
| US | 8.8.8.8:53 | js.hubspot.com | udp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| US | 8.8.8.8:53 | tr.lfeeder.com | udp |
| US | 104.18.123.12:443 | js.hsleadflows.net | tcp |
| US | 104.16.76.186:443 | js.hs-analytics.net | tcp |
| US | 104.19.155.83:443 | js.hubspot.com | tcp |
| US | 104.18.34.229:443 | js.hs-banner.com | tcp |
| CH | 13.224.103.84:443 | tr.lfeeder.com | tcp |
| US | 104.18.176.125:443 | forms.hsforms.com | tcp |
| GB | 195.181.164.19:443 | cdn.userway.org | tcp |
| US | 8.8.8.8:53 | forms-na1.hsforms.com | udp |
| US | 104.18.160.125:443 | forms-na1.hsforms.com | tcp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| US | 8.8.8.8:53 | 125.176.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.41.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.123.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.76.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.155.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.103.224.13.in-addr.arpa | udp |
| GB | 88.221.135.104:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | api.userway.org | udp |
| US | 8.8.8.8:53 | cta-service-cms2.hubspot.com | udp |
| US | 104.18.34.229:443 | js.hs-banner.com | tcp |
| US | 52.36.75.231:443 | api.userway.org | tcp |
| US | 52.36.75.231:443 | api.userway.org | tcp |
| US | 8.8.8.8:53 | perf-na1.hsforms.com | udp |
| US | 104.17.207.249:443 | perf-na1.hsforms.com | tcp |
| US | 8.8.8.8:53 | 125.160.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.75.36.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.207.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.hubspot.com | udp |
| US | 8.8.8.8:53 | log.pinterest.com | udp |
| US | 8.8.8.8:53 | forms.hubspot.com | udp |
| US | 151.101.0.84:443 | log.pinterest.com | tcp |
| US | 8.8.8.8:53 | 84.0.101.151.in-addr.arpa | udp |
| GB | 88.221.134.139:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | performance.squarespace.com | udp |
| US | 35.186.236.0:443 | performance.squarespace.com | tcp |
| US | 8.8.8.8:53 | 0.236.186.35.in-addr.arpa | udp |
| GB | 92.123.128.171:443 | r.bing.com | tcp |
| US | 35.186.236.0:443 | performance.squarespace.com | udp |
| US | 8.8.8.8:53 | 171.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.185:443 | th.bing.com | tcp |
| GB | 92.123.128.183:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 183.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 88.221.134.96:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | get-xmas.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| DE | 78.46.117.95:80 | get-xmas.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| DE | 78.46.117.95:80 | get-xmas.com | tcp |
| DE | 78.46.117.95:80 | get-xmas.com | tcp |
| DE | 78.46.117.95:80 | get-xmas.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | udp |
| GB | 172.217.16.225:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| GB | 92.123.128.185:443 | th.bing.com | tcp |
| GB | 92.123.128.183:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.121.82.140.in-addr.arpa | udp |
| GB | 88.221.134.96:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.134:443 | r.bing.com | tcp |
| GB | 92.123.128.134:443 | r.bing.com | tcp |
| GB | 92.123.128.155:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 134.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonzibuddy.org | udp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 8.8.8.8:53 | 31.29.187.198.in-addr.arpa | udp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 88.221.134.113:443 | aefd.nelreports.net | udp |
| GB | 88.221.134.113:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 113.134.221.88.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.9.66.186:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | secure.bonzi.com | udp |
| US | 8.8.8.8:53 | 186.66.9.52.in-addr.arpa | udp |
| US | 52.9.66.186:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | secure.bonzi.com | udp |
| GB | 92.123.128.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.181:443 | th.bing.com | tcp |
| GB | 92.123.128.178:443 | th.bing.com | tcp |
| GB | 92.123.128.178:443 | th.bing.com | tcp |
| GB | 92.123.128.181:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 181.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| GB | 92.123.128.178:443 | th.bing.com | tcp |
| GB | 92.123.128.178:443 | th.bing.com | tcp |
| GB | 92.123.128.181:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 88.221.134.131:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 131.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.133:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 133.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 10.121.82.140.in-addr.arpa | udp |
| GB | 88.221.134.131:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:62597 | tcp | |
| FR | 151.80.42.103:9001 | tcp | |
| US | 199.254.238.52:443 | tcp | |
| FR | 95.130.12.119:443 | tcp | |
| CA | 204.11.50.131:9001 | tcp | |
| US | 154.35.175.225:443 | tcp | |
| CA | 149.56.45.200:9001 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | 200.45.56.149.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| DE | 152.89.104.58:9001 | tcp | |
| US | 8.8.8.8:53 | 58.104.89.152.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f621c7614503377ba83f2fcfca1c303b |
| SHA1 | c7ec737f8e0262052e038691e5b38db37bdfe56e |
| SHA256 | c2d2e04acc5e2cd129dd3211f73b498043051b74a2f661c1199224b37b681b26 |
| SHA512 | 203e5e582007efb7d11b0442e85d4e37a4cc1332bd6367cd74b0d4b9de0d0df85757bdc66474f62309bf530841ab7a5e4c0d43c95aa416b7175129e2e2b36c26 |
\??\pipe\LOCAL\crashpad_3156_QYCZKRDJYJCXNGDM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9ebd667e8db80b0ab07f02f3dc844252 |
| SHA1 | 461bade20eebf59e30e8c3620640d6df6db79249 |
| SHA256 | d04531e41d70e7832898e797081335b3f0314b09141a01de921ff679dba41b0f |
| SHA512 | 75f92d1f4ab942c3fdd3b70542956ea246f718aa8808a53f33d52278505f4f783e4c0458e5093ea4f459e72faea431f926373883eed2ec7da1109bd7efc6fb57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 32ba46900cb985308a09717366af8f0f |
| SHA1 | b5bd19951c3e5ef7269cecf45d88ce2fdc36f789 |
| SHA256 | dc6207b8e361203254ea5401fcd8a617f79f8df6696a9bafa0b5028aaf8745cf |
| SHA512 | 962b98073a9d75fd476c63b8d72c4cfb2e7b591ce9f774d186abf84f14b5d8c9190fb32db473753f54f3f29563c8fdbb0c28f573a43b576b1810505a20a970d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 28e15e27d72d2fad782e89706eaba70f |
| SHA1 | bfc7d8539626f420fea85c31ede1897fff228d96 |
| SHA256 | 47249011f8eafbb77a40a4b9727e5dcc166e1970ee907dd8ca4fba634fd79dc2 |
| SHA512 | 00e345637c976516cb3bf9f199fbb2259b2a0d6e8c69646cfabf9e31fd6d6e0245ee353cdaccdf3edd34887ec2cfd5b70d4dc8529f8403511ad899b1c9a8a1dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 060a26fad1710aac46dcc960ccbfa450 |
| SHA1 | b284647a0be355af69402f96f596d6a1ca57b5e0 |
| SHA256 | ff6e818513f499a5ce28dd95dafc94eac1691df2ae9adcffa3889fde271afb6f |
| SHA512 | 5eb1b4def6b1bf0d58b2d378ae5b81253cb8a32a3745e6b85756076918bbe42c620c37c77537f649b803d1bf18d4f46e5dcf40c1d7cde3dbb4f81fbaf4223eed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
| MD5 | 873734b55d4c7d35a177c8318b0caec7 |
| SHA1 | 469b913b09ea5b55e60098c95120cc9b935ddb28 |
| SHA256 | 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d |
| SHA512 | 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 07a513f0b027e4aaf353ea3621023468 |
| SHA1 | d463f516e272ed6a6eb9a207800bb37842045c38 |
| SHA256 | f5c31b9d2e8367e664e9edc5c90fbd5bc46d011366dbd7efd0cc6320096c315f |
| SHA512 | 9dd2c6522b92e1e15fd93a31e1d2426e4e575c0b76ce8a77fc06d31100f2eb400f11256627fda1702bcb9daebc415995e281e722a492f12da04ec14b05911a65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5783f5.TMP
| MD5 | fd82f75fafa4889cd6c71183594f48f3 |
| SHA1 | 8761cec7cae74dba8423640ba472ff21a0a7cb01 |
| SHA256 | 501a195a9db3ea1ae7a50f74924101be239418d8da5b46c71a59a8edc63091de |
| SHA512 | 62e1b5a5a4cf542d3266714363ec24ba7e22b86f1dbd7cd8fa6999ae80adafea5b1c7cb318f2b8cf036a94e94353477db384d5b3776423cc8261d339e93e9869 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e366968cb4a137697d358590bbe568b1 |
| SHA1 | 348707cd3d10f9be3a5b1821cb1c1260e33928cc |
| SHA256 | b4738697a1973d750190992acf5e9612fb16b7cbe72d57942471465709419497 |
| SHA512 | 84ad11e2aed66688f81fbf4ca2e2337067c0e3b58bcd7cd942a55668c8056a5b5ec2499f748911e2bad2bad1d09e3067ca779f08f68615644c1ae68f5b319e38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a
| MD5 | fd0da247c572778b89b15413ad1956e4 |
| SHA1 | 9009cd302b22b6edb98a97e9569fbb765640f382 |
| SHA256 | b6acc64fa2e8e311c90d54dbc05e76cbe0cce81e06ce95c900a62b32d1e0f53d |
| SHA512 | 97ecb491ca2365b2d0b6b25919c0d18b754a7d20dfc78bd427139349617a555fc4b8e47e1e7121a7ec8b604da6aebffa662bd87215aeeaaba37d2bd737edd175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
| MD5 | 4787dd34ac59f7876fc7a3e8c4d3c01c |
| SHA1 | 0a2fa42f0b64a361f9404802fc4eea75da616df5 |
| SHA256 | cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee |
| SHA512 | fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072
| MD5 | 3b9d7a5899b1f7b5b212d657f0ad8605 |
| SHA1 | c3c44b2b3f3a8c6b0c57160cbe5796f3f08a66f8 |
| SHA256 | 9e5c9b32bda3bc019d66cfcd3e6405768ee727ed1c289b931f221ff1d82833d0 |
| SHA512 | 13f36b1646d5b65df2c3ac20fa0cc65801d1b07eae9be373e333e49f72a55f40ce76ee6b7fd8c6ef36c2e06cc66fde8e0b038dba300cb0cbd46bb412ed493f2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073
| MD5 | 81d2c735a5b63e3c6fe53be2ece3573b |
| SHA1 | 49ed5096c2b5e3d96ccefdaedfbc29048eb0e0e1 |
| SHA256 | 758afcc2edfef8e7f0ef72f0b9cd4b6e8870db70ce9185579ea5da5f0a95eb4e |
| SHA512 | f1fbb4025230fab13f8c20257592695bc32fbd415feddb1c17d871a949017d73fe665069e46b9ab6f453e90df22b769383d6a9051e574f1598152791069000f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092
| MD5 | bd7413700347d61e76c331f09e872ad0 |
| SHA1 | edcf8c0e570d8f6dd4251bd68a2800d4dfce4235 |
| SHA256 | 0ea7fbc16f020a826084718b4a536bc6b5d0a8315687b2833f64294d833f25a7 |
| SHA512 | 90028946c4504663bddcd07afd11ac964b4d34cd63d090f4d1dc2d4ce34ef540efeb6a9f7412dd4a9e5691718fa0927e0f3c52a2d1a5a9e4512e19071a9532ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064
| MD5 | 2b79a460942712f3d66a801d54decd55 |
| SHA1 | cf426ebf724c2a2548d312a905fba8d88c0ff42a |
| SHA256 | d4ca2d325d201ac1572f1c9e65539a7a132c331250437f0fa38c007ea72d1a21 |
| SHA512 | 2a7a5e982f22add452b605bea3b4ecab212187586bf9340be8b1f58058e5bc37aa0ab61f96611a9a095de4f569e3f8b09943cb0c185809b92a267da806910f13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f71b3cf4097762ba1ea0ad3cf71a680d |
| SHA1 | 3f890955b710f84bfa205e61d2fd21ba327e6b25 |
| SHA256 | 07991100fd83946084a0745e9e7a024f582245be8a40c1c6f614cde8aae504b9 |
| SHA512 | ea746d85dc9b24f9623257302dbd51c99f864fc23914a17346e52b584a30ac076fc78296b4890aab46b972b0ded5dd421f0fa21618d3b5266b2c75b040a5d0e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55ef4009108b0f74fe73111951c0c2dc |
| SHA1 | a20de597861047f545dd76aec64fce82bea88ecb |
| SHA256 | f0e0142a1bb51aac77b7cb7cc815e2863ea77a758c686aa3aa1b2b8c4fadd070 |
| SHA512 | 1bd36b671f7da1d0efe9f5699fb7175b76204086a6b938eb9dfa1517a8c0cc7f0c90ee512456a6b94d92024d31c5a8a9d8afd4434d638eedec492ef398652f9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c2f9f367cd994835_0
| MD5 | ed6c6fc6bf8d7161a07a938c82edcde1 |
| SHA1 | 82f737724b239838ae599ab80ca91b7caa9e6d16 |
| SHA256 | 9978e47a96561e3f90b4426561400feede6cb3ba3b5c29c3910f81209b3574e7 |
| SHA512 | fd650d95f0815b007182a11890e14ad49362a16322129fc350bf4b49e8cba319b82cbf87a2912e1507db3df63c73a97f975a7b0af67dec8289daa5d5ee8d0932 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5dc16546d8d1f7e_0
| MD5 | 6dcdbe7c5f5b712ed7846fda4fa245bd |
| SHA1 | b186dff512be5f70cdc163f9c342dcd263bc5f52 |
| SHA256 | 80dd752a159b4aacc836fc0486ab7aa87cb55d151753695f2787915e4f2d037e |
| SHA512 | e76fce3cde4fedf346f8241b53caaee0e53ecec30ce22cf1bce445ade054e1a5ad6502478ae7d37d821a1bade35b3ca482042289b6718ab7e8189aeaaec3713c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067
| MD5 | c6aeb5468e51ec6e7ffad37fb2eb808c |
| SHA1 | d64dbe60e9da13e5098dc7053340490c70c091c7 |
| SHA256 | d09820cad69ba3032137aefdcce487b5e09e97e23a9bcc4a83739f4c4def3da3 |
| SHA512 | 325d576d2778404a371db31acd6c6066bdd4a5dbd91523758aa1bc5ce3250ace7cb42008f18715c41435d1b1de2324e94fa9ad4b8600ce5d2040a7fa98efce2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066
| MD5 | b7a5847e3748b94c80e449e217c48cd9 |
| SHA1 | 0837c92f8675bd65c00794f9f4412b3d2737fc1a |
| SHA256 | 63fa68a89bf34f71dd1b1024fc16f4200912befc2150df5af077490b6d4e303c |
| SHA512 | 56ab979e1b0625dc6b6ac20914aa6f639c1582424fcf5d4d3730b64b8308191b469b6e3b74180d21c7b462e43398f1e1e36b4de77ea87906e986451b570662fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068
| MD5 | e09a1a01e2c44142201211c88d1708da |
| SHA1 | e6a74c46a2343a091e857524840b72d6b609acf5 |
| SHA256 | 1cf3df2d7ccf23712e4d33d1454d52dc2e64e6ce95e284aba5cf8d7ea5ebea50 |
| SHA512 | aa7f1831a609c3d7785d7f43e917a8e1e4135a7a8d837dd85ab882411511eed79c26b1027b9b842ebd53d9321e6842ce2fca84500f946065609189429c67810f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091
| MD5 | 2cf9df4d427447dd00b9566db8465de6 |
| SHA1 | 8087616509700002b3364e20c748888ab581b42e |
| SHA256 | 8008577b4c52cbdb4883d39192b6dbef37e006851cb0415c4752dae24b985783 |
| SHA512 | ea36bafecde55be1ffa649f4f873e2267f2a7633d9fbf9c43bc6ed1d7076761e167ca4944ddff9f26630f15266fb26237288dfeefcf2b1d6f59eabedff9c89f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ff84cec298ed34e7_0
| MD5 | 669fa5db11d06dbfd9446ae3e22f7286 |
| SHA1 | 31025e39ac6ffd8acc169755917d70cd19877c49 |
| SHA256 | 4822e4a4eccdc84d9879bc3ffc6a8382f7caad5971766395f8c591872ea0da80 |
| SHA512 | 9548d7d34d8f4191ebf61e3667f209ab01d34f7186a7c17c9af0a867ff2a97346ad44711a45712d14dee8d32f52def0222cfda892e4f99a47e5831ad8eae4cb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26a2eccea96838d3_0
| MD5 | d27996fc6ab8603587b622e5c9f00e69 |
| SHA1 | cf8713705309cf37e4343e4a1b5749389e53eb4e |
| SHA256 | a0962e236d4637d100a4d999c35096fa60f3f66dc10892d068e28eb51615720d |
| SHA512 | bdd089daf08ccb875bdfa26ec671b123252547d33bd6a37496b45493819eab32d5345cbe067b68d152c69ba016d685f073957224af2d37d02ddbd00ad9d8de6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a80c0f7ac6896d1_0
| MD5 | f27620e03d881f1050c2bd534afda35f |
| SHA1 | 7166a1b21353ea7f84882b393dc9f35d989d929d |
| SHA256 | 67ecddd65835a382e68c8570af04af4179d44735fd15b17e78249660e89c21fc |
| SHA512 | aafa705d251453cd3e50eaafc9e0559d85bfab1a7f5e5fe7fc83149712f4c85d2b392cbb0b167d06730e12a7e73cf713df8286e1e54c1606aa624719aaf7c7b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91950e335249ac8f_0
| MD5 | 1985b714f8b94e2629825728d53b5637 |
| SHA1 | 1a8f1f831a54cfb38180c4b90319032fe67e5ebb |
| SHA256 | 2ad65be287ebf37076501db1e468b7a6b287503cae7b111c96378b6a77f072af |
| SHA512 | 106a3c80e531da7e6a25ac65529cc8474b72aec93b8f5eebdb4d8ca2834c8280ab435ec4774aec549e2772b680c05eafbcf27059456f3b95a3886230999656aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099
| MD5 | 1d757185702fbe7fa84a4111f5181b71 |
| SHA1 | 698a8aea1e118511ca54889f14b87a8d1b60027e |
| SHA256 | fc97c936be26233cf9bb68bb5d7e7b9fedf1c21ac186e1b837b7077dc39b3c64 |
| SHA512 | 42e5b81dd11ef0632174dbecb3fb161e15f204e9160082d9911675e7914ed20c8b8c136d9a8322c5f4d61882f87651470dbef7fcbfba2046c53d6ad035688148 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f
| MD5 | ec322469135a16c3dc40e348db55316b |
| SHA1 | 20ea4798f7bcb27486706589407770678fff7933 |
| SHA256 | d11df9cf178849120da6e350c76e9de39ce1be6c04afba5f646a70a921ffa66e |
| SHA512 | ee93fcd34adb02417684b9ae2cd312b9a73d0391338b6eb98c5ea9257751d2fe4ab1a485bce1a0a826d47e19092338033078199614fdf0b7903920f267b59b0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26a2eccea96838d3_0
| MD5 | 344161a416231a815cc62562048a1653 |
| SHA1 | f85f9ee0f70d47a46a7b93a023363da1bffc4142 |
| SHA256 | 04b213f2f28af325eedd103a84bb1829b01f73132056f5991261fe7f9e99d085 |
| SHA512 | c20fc20c9d0ecdce1a323e823f974ea9f4a3c2a01bd6fd8bcf4a35781f51635a87fedd7cc1d7c82e5ccbf52fe9d9666d6421182f128e2919d4e5e96920056337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ff84cec298ed34e7_0
| MD5 | ed4cb3b4af76bf9f0b97fc895d5ba0e2 |
| SHA1 | 49f5780e99c27c92da80e70bb68bcb4db5064eb4 |
| SHA256 | c604845ad8c3eab9a92cdfd0ac823c8cfa7bc48d5e02d500e7d2158960c71133 |
| SHA512 | a3f7f681cc085c89142edb8dec98b0d4438a953feb3dde0c3cd8da4f20959ec2883ddaafecd7ab31db895de075507cbee5c848bb9fa37e83b5c241a97077373e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a80c0f7ac6896d1_0
| MD5 | 1e0849a429d7a4aa78ca2dce1aa565ea |
| SHA1 | 200bfc9a48d1beb1b2072abd4a3b160c2cf476f3 |
| SHA256 | 65f02dbaa7c86122fb84adc4b676f1ddbe4c62b5958ec87ef1ab2e6ebb5a78a6 |
| SHA512 | 79de13613aaa12aa29cfe4c8b587409c56c613801758a5985a870c40307fae84da1aa7afbd60009b69f2a3bf4e7c133c89b7f005e23ba566ea5850cee0915532 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093
| MD5 | 13cfa53cd77baa3cd8f46b2649ce0a06 |
| SHA1 | dbdbfe23ab336a3a5ca28bfca16197624b85955f |
| SHA256 | a2306ee57d806468b732988af50f9c991e0b8d005283339b8c24130a455df109 |
| SHA512 | 80a07ac13f9b730b90bd81565fd611be03eab85c407819f800772f136ed4b35eb2bb1c56841b2b3ba63236c91d98137138e0f149214216d5af84beaef0f42ad1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b5a83d8cf521ad6_0
| MD5 | 3eecaf58e841c5b66e7e0ffa1277d6a7 |
| SHA1 | beb6590bfcf4c77ae259a2936a4c67d31409a496 |
| SHA256 | 56d8f81b7ffc255a5b6cc6d25b482cfbaf66ab9fc8a9c29e594f3a07fbb4dac4 |
| SHA512 | 12ef813ddc9901f4747f57483c4180c1859a27ff113fdfa2e6c8c9361760df70ec44d08cc2cbd520c2e419b16e58427759b677de2434751dd8ab4dbdd5fb98ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\077b56065b9f1382_0
| MD5 | f62e723f0ba350f4301dbc513166135d |
| SHA1 | bbabbfd72d852aef37bea62ea6a33fa839a61f22 |
| SHA256 | 95435930a007818e6dd55451b021fdfeb7c98ca3cc5b38abfef2758890852761 |
| SHA512 | 04c73f36244f4f8d8e66ab794e0c74d9cc73f9d8dba1647fd1881834ae968a111c1847f8b8209bdbee278f8ecc1b0b505bedf9cee5048adedd4625e013ae4e27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91950e335249ac8f_0
| MD5 | 36ee2300e3e4cae7bae53fb127e3fe14 |
| SHA1 | 2da13f3e4c0ddc4ef81e7061db57e370f6aeeb26 |
| SHA256 | a7b4737d36869a4b6f0f843b4ef1a73a20d02d16bf27e7de72973a9facfc7b5f |
| SHA512 | d0d4f7378c4514cca3464598932a61f7d7106e1a3007ad045a3650b9223500dfef59abd86287443662d1cd01dde97c50cf39388c8d965570b0593d74b81cc54c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0f4fce92ae26adf_0
| MD5 | 4afd805a453ed209d21e9f0c27ed812d |
| SHA1 | e5562c3aefb61035dcb3e0677dcb4e70a8677488 |
| SHA256 | 1f3288105ead6638c77fce2fe798764811edd45c9c2bcbe7923aedb65c8a1ff6 |
| SHA512 | 324e0ff2d5f934832ef0e45162ac68835832e18da4a39fb157d6e72a2cd1cb840b116e047aaca9675e0e11d7479cd273e2f687d5ab40c35340c9e60f3981e8d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86d37de51aed3a42_0
| MD5 | f07b416e6c0a94f31e230c08cb62a615 |
| SHA1 | 1593a48ab3a8255afe3d7ec53edc1bd94e5831ac |
| SHA256 | dbad2703ab9f92d86b9c626441f27965570b0a0f13c113706862b0087b23f7e4 |
| SHA512 | 457244ed753b82b65b363d5f05be93ea201a4113a64a9ed53c212260fc8bf92f39738077bbc251e0015d7dbd683d44dcffe8e3229d1b14edb62d913d3703fd33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54935b876ccf3c32b5424c704c6ae400 |
| SHA1 | 875457a92cf18b494e20bc8edfea52187daa6632 |
| SHA256 | 68e3e48a259a046cef344c3436206a579f119c71e16bd28ca40f3e74028687c9 |
| SHA512 | 566d4ec29aafb40229a056f9ee8c9eecbccb4721873fde1b7c7b8e00dba3209f812ba5bcd0b4d773ef8e88d4ac8984bb6b8ce3779969cc59b3011b451b066bc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fbd8380ef72f4862fcaf7582b68d8e80 |
| SHA1 | 457e9ef3b4e0187b7abac7f9f5c82587471f1bb5 |
| SHA256 | 451902e7f0567a539ef4ff9de8085c2232827fa967ebf5c40b1a1ff7ad32c807 |
| SHA512 | d563610c419a3e3557c61dcc5fe105842bfd1703c344ada08d705f67df3221129b3a7f5b9dadc830309deae1dd7f4db3c8d732cee4d7cc1aff6920aa208fe443 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c4b4494fe223632_0
| MD5 | b64faa155e7cbc067dfbc45ecfc29f05 |
| SHA1 | 76c9d55cc7cba44a7cec213ff0907fb5738a023c |
| SHA256 | 916a5e887a1cedcebbb633a1978527af3a7a00adec9bf7f1f7fc8316f9f4e5bf |
| SHA512 | c8b249b1d77bf793f5494dc10f5b46cc18950abfb4b125b11186b1e04040e61658662fb71db5c83d3ff7ff9b4bffd293e39579b65ac349222a1c288f72b1d3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cecf72253e60096e_0
| MD5 | 40d24028781f0bb7cf2edb7effdae2fc |
| SHA1 | 9c4eb2bc6a46638f4b438fcd25d56f04ae135268 |
| SHA256 | e32f9b523fae565b66d302b85e8b505352e87bf10106483908c6af0ad8214aa5 |
| SHA512 | 291d864565db3aff27dfd2c47d3a6e1829c2b0cc9b8718b2e8856497f5b7f27874821f8ec9a5a3298ff39f7ec836a67a53aa0a34bfbde3a90fc11ee0ca52412b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\460d0f04ffdbe3a6_0
| MD5 | c7612b4aaf7170be6430511d9b56c394 |
| SHA1 | 6edc091999cae2a49813d0fb1a0924ea3ce48d7b |
| SHA256 | 6eb902d6d4f89964a87684116dd5585d70ee8b9adaec413766fdf7aa1d5719c6 |
| SHA512 | fd6bc0bde260e8642b7e6c865ac5b35e3929cd11495edc520e3a1a0fca5be2711c979cd5fba93b00cd7070e9be4d716a5ff1a59af2b35943e9feb9787d3b18a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77af8b46cd138965_0
| MD5 | bd9891016ff7fb899007e3a050032f0c |
| SHA1 | 716c1998c03569d81a66681aebbc6ced2967998b |
| SHA256 | 57188c33c9dbc68177824ff70b01431de4d761b0e9b0a0e24b60ddb49661f594 |
| SHA512 | 2195fdec940216f4907b507d97c33501bd26f98548cf4279c807423893a2293d0e683f5198bed02647ac7467140470c129d7156c65044288733b4fb7f0bb4e9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d1449c54f389b7e_0
| MD5 | 3eb37eaad5287fa3fe95dc7f2c48c898 |
| SHA1 | 6a4af9b3e3e214c657c25a898e5b64053a23ef87 |
| SHA256 | 97d0b19f92ec3072c8b10139c0035201004575bdf60be7ef05cbdb54f942053d |
| SHA512 | ed898847046b0c89db875e90f4dfa1baf2f9d7f9f6b627b9201874369561eca9aa2b21817f12dededf06c20f76bb3ec1d698992df1efe65da46f3a3d8978ab85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4510bb0e4f54f5fd_0
| MD5 | a449be73f91ce64e1996f4ecd558aef1 |
| SHA1 | 9bf2690a6989679385372fa52447d6828ea883cc |
| SHA256 | 44a9d6b850111628f06666224eb36d7ba1bf2462ffc66e690cd3a5edef21df77 |
| SHA512 | 9eea078be42ca7f76927c870ad38f4584872a3eaf9c8c4227632bc74313f0ecd853d3addd65f7961f8b116ecb31c1f926135c174c4196a769c7be3cfc725eb6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d4fb5829af7785f_0
| MD5 | 6d1f45331d7240748329fa5a128c9985 |
| SHA1 | 6082840a99b6a84a24699b30bca124225586b668 |
| SHA256 | 22766a1c96f442fc2664e504d8b3bdbd2b5d352023ded05dad690bc83c2c1d9d |
| SHA512 | 5d8136f5287bcfe9e2fc109b0475f45946526aedd3ee63ab739b6ba396f038643200c7e85d5769afae2cd100975078ed03be4530f4162e0ad8d8648e087ce1c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c1973a50faee2546_0
| MD5 | e2afdb509908f699aae3591cc4cd8e3c |
| SHA1 | 849a284a2c50a72fa1ca28ed6ea6cd167fcaa621 |
| SHA256 | a31ae9bbe1dbd7baefca2cf18f240759fe488cb0590687e7875980fd109baa11 |
| SHA512 | b29202ae8676898e67737314900e40fdcebddef87a970aab210fc1b508df7062fdbab191a2955c2a80e53fa6247c85e7fa03017b813d19856050706773d7e04d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5adbf4ba0fbd574_0
| MD5 | ef45c6e29a675c60eb18f395fe1ea9d6 |
| SHA1 | 1eed9328c4de48069981d23c7a3f88f7d9e72ea9 |
| SHA256 | 0b0f4adf60a72c0023e18861cb51095a96c2026761d45976a7f1da9390e2cc7f |
| SHA512 | 26591b1b3589a6ea305f048f1c208f63423e2e9b496ce31b07f2f0e8f2c2694afb00f012654a4c1dea3999d69142582c5e7a0a57eaea5ddbdc0903c9130b8552 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e044e34f673e98b_0
| MD5 | c5e196b7069ac2e2bf3dca6301c94788 |
| SHA1 | 04aade2f261309db1915e18dc7332c2fddd36ba2 |
| SHA256 | a9958e38f2ce5d77fcedb71af13949c66cc94a2a699b85f090eb3ac2d87a1d32 |
| SHA512 | ff4c0710d371d8dd6efec1892590a3bb1b91d84b3e64a9634e24be82cdd1e3ca425ba98ce78b7448d5d6e2109e388db0926635d25d9856d755f0fe977119d859 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0947f906144f5c84_0
| MD5 | 9ee8d9bccd1d5588d0e4858a64b9aca4 |
| SHA1 | 235d203b9294cea43f54b6752b25e9626b07ba6e |
| SHA256 | 72f8dd84ce34679a99b8b570e2eb18b844696d30a15dd997c6ae85129fc9e24b |
| SHA512 | b8124092ad1f7f858cd1a3192417397946d03eaace4bef51bab7cf6c1677b73e164f78f62cc27bd123e01021d465232d72ee7dc11ece9f4c4861b0ff47cc52e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 38e7e216b4857844986f47e7626def22 |
| SHA1 | 356d87f0a19a6e4a8464f38ccd8fd58ebf1b6084 |
| SHA256 | 49155e18e04cd69e2eb9d73b41342846d0b34f72cc97d17b4746457f94173903 |
| SHA512 | 295d332cc0c59c811827ec7edae83c7b222902d1d303d8abc2475449ffb76259d54110be3b4bb6380afb1f31d6f4f813b97fdebcce1e45771d4186d6bc4d9eea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\afc3a8e826f29c4d_0
| MD5 | 4014abb067e6387eea5e555536e8724b |
| SHA1 | 696bf96dbc74bcac4283cb495540a5ea9ac59a7c |
| SHA256 | 9d8b5b3105091c6c9f1aed9435259df1d139a7f5640fe281551f8c6e31d784cf |
| SHA512 | 7f0e82a3bb46ba6d70f280149858127e84743d42ae4da323bcd121c45e90fc23cb791c7f755a6a0a955335bf49d821b1cc5b79e261b322aaff512196443fcd6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\66dc0766a6773d80_0
| MD5 | f82f9a5229105c2ef0c1ceacac68792c |
| SHA1 | cc3a93df747d3536555bbac0186bea17db97f8c1 |
| SHA256 | d5c80798e29b2496fddb0f27f7b67995bf252a340bc31f5c4c12f0c2858d5673 |
| SHA512 | 960a0317e959e57622db24a9dd118c8db65eeaba581b5a21dfa1f37c53970812af1a012b004b852ff1a27592fa61191e79a90386330a7c4f014e51fbad823824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d
| MD5 | 015c126a3520c9a8f6a27979d0266e96 |
| SHA1 | 2acf956561d44434a6d84204670cf849d3215d5f |
| SHA256 | 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa |
| SHA512 | 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095
| MD5 | 0d52b1d463c4862eb4ab631566ce1043 |
| SHA1 | ef6656068d0c04adecccd217e6face9366405a54 |
| SHA256 | 5744eeb6fbc5e3c6810099cdc340aeb2a06d8ab50f9d36ff3ad04584b54fbb6e |
| SHA512 | 11e8aff29f90f06d9e1d3abb6d5c27d9f0955266d99e572377bcd08985f9b3b2295939ac91c229d46fdcc0e71af9c99cc3449ec1306b469c518ec4b9a8acb075 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096
| MD5 | e9d71ac5376b586cfde670f585b3251b |
| SHA1 | 11ebff48e153b45a98630d4abaf3675673e77b97 |
| SHA256 | 948d25dc34ee935a5254468691714c9f2e53a2927652a077c2ca84cb03fa4895 |
| SHA512 | 726aff12bd86067f60ba0019ca79cd969b94af7633547439252af31713e73651d4ec96d2e2f36683c43d30a8d2e76cb425e6c27c7fa48d46ae8c18664158bf9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a5529426b411438454c855f80e743b07 |
| SHA1 | cdf3fba7f827976483357ad32f3985bb5d2e9a10 |
| SHA256 | 3baaec4edbb0fb376b3d491d5edabe801d0a7166a877ea07f7ce74adcae7a5fa |
| SHA512 | df64333d592cb72cb77fd5bd15c6d9f275c0e155d3fa6f21433879d6885ed87bb9b862c63b1c7f1f94c27bdab6ccadd17af5ea45ca5e6c709fb25deccdde62f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | efcdb1d6d24f60d5a19b6d2a382ec40a |
| SHA1 | 5e26fadbb77f4b4a983f4dda57e6400e30718f19 |
| SHA256 | 9729d2e75b8383c2efbd686670ba60be06c6caee40633aedc5a5248ee27fa156 |
| SHA512 | 6320ff84e6037a59fe4039b4c50de7894230ef44c9a1783b8abe83212c8d903a8db3bee37b0ec7616802f543200230b35148ef6a23decadcd92699da9f7bd479 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | f39f50a10a56c0e31c12b18db82017b0 |
| SHA1 | 8e2464b8da7181fc049a1226a8704f40c0f8f5a5 |
| SHA256 | 19f5dbe7bb7caf55598a19792089a653b4a22e6586e2745f35f0e3a2165abfcd |
| SHA512 | e725ecd47e1cbbcba7332ed3bdc68648dd43876c1bdafc1c2527a8e5cf988201d521a38d37b2668b884cfb7759c63de8dc0e92f92f4233cac06d657e11953019 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 746734403b00287d483d3b002ae455a7 |
| SHA1 | eae465c3399f406c994d667f3a39119d65fb5a54 |
| SHA256 | 4fd097cd5c09c1f8b8b65f1e623ee8b9920ca4527163c148cf1a41adf2629d59 |
| SHA512 | 932444a42e071d70dcfbedb9fb495e8203767d24d9c456871524418ed122c3559961daafd9ec87a4d2fb5aece084a0d138fa68195973118c1bd27b3d56e98262 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 864597d01b75597539e7feceae642677 |
| SHA1 | a9063b4a14a2b7071460140cdb481d1ebe82d04c |
| SHA256 | 57a07f46ff9441b8ad9debf7d47290a0086fc227ce839948c0e9609ac8ec1444 |
| SHA512 | e7b1ce924adef7b0a6dc451dfea19082ccb9efc0ac97c8702e374c698d1bb0c0aa899e334d07a44f8ab5df9114b4d2baf8c5b6806cf4906846e7638aebfb28a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da
| MD5 | 0d9aad83b65bf2f491bd8d67a0342297 |
| SHA1 | 4af93401f2020d4077b220a36f583156320f762d |
| SHA256 | a836ca0ffcc5f64009bc70b55a831b3a644a31427029ec91d822a26eeefc4c8b |
| SHA512 | d7df5bd355ad42922dd88607cfa6c8e3626fe746654d2bedc41dd638a1380c03302949b35f8978ab4d72717ce562ef69cd78ad4aed5877b8380b53eba988ea74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000013
| MD5 | aab2532f8363e63359dbf0c31981f57f |
| SHA1 | a21523eb85636a0455977ffe525260a1a8568043 |
| SHA256 | a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13 |
| SHA512 | 7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64 |
C:\Users\Admin\Downloads\Unconfirmed 775732.crdownload
| MD5 | 1535aa21451192109b86be9bcc7c4345 |
| SHA1 | 1af211c686c4d4bf0239ed6620358a19691cf88c |
| SHA256 | 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6 |
| SHA512 | 1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a41d5714cf12087f68edfcb204e5be27 |
| SHA1 | 70128be3cee908accbef289ce306217d77c5dea5 |
| SHA256 | ecd3a0c8665ef8eccb1e684050b48965ced68e2421183b50fe33f7dcdbc0cd95 |
| SHA512 | 27389fab42491e6dc4db445579391c18c84ddc763f069c81a22d699c8663e3b7d6e112cad09c08c9151379b941b93e945716894d76d5f860ac7206072f63faf1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aec6dfd74630426aaf1279fb30657542 |
| SHA1 | 277a87588d504651706206ca166627a819abbf71 |
| SHA256 | a58a98ddc8e2a7cb029f2770b066742ef374fdf7bff7407acd8b304b91a0a9dc |
| SHA512 | b482185a889a7ae40ffd5d986a13bf9cee320f1bea08e75f9b3f928db2a4caffc8da01519cab450a2be9736210780257c0088492dcda1c6c9b6bf12d8fef4e3c |
memory/4364-1963-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4364-1965-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5188-1968-0x0000000000580000-0x0000000000581000-memory.dmp
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
| MD5 | 81aab57e0ef37ddff02d0106ced6b91e |
| SHA1 | 6e3895b350ef1545902bd23e7162dfce4c64e029 |
| SHA256 | a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287 |
| SHA512 | a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717 |
memory/5292-1992-0x0000000002430000-0x0000000002431000-memory.dmp
memory/5188-1996-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/4364-1998-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0
| MD5 | db3ca6733433656397612ca94aee4e10 |
| SHA1 | 5038311dc43d7183de96ccf4b93a48c2d0344e48 |
| SHA256 | d78929efa6dd59789b742c3da547e2a02cd3385828608d8b9112e22cbf40158f |
| SHA512 | d462fc5b200691bfa5cb461d822f26e72260c0f457616267ed3a7186a2fc27ad9eb028cdcf920a16505a0bbf1e93f6a04a956be35715f620c2dd16f53465aeb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4
| MD5 | 01d5892e6e243b52998310c2925b9f3a |
| SHA1 | 58180151b6a6ee4af73583a214b68efb9e8844d4 |
| SHA256 | 7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d |
| SHA512 | de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b6
| MD5 | c88f47b8573c1a08cb8403f6ad8b6df1 |
| SHA1 | c5f5df03750d2406c75cbe9139057d8bff0f845c |
| SHA256 | 49084e04da1116efe06518d75bd148271ea1c243314d8c16633bbead93a2371a |
| SHA512 | cc589f3ae0c2db49abe428f5647ab6646788bbed149ea0c9157e897bce52ee58d6a323df5d87490f5e42dd85bcfadfa97f909d61daa63cd77f07a0b3ed80371d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8
| MD5 | 6f2e9daf8164e887f13687d82fd27432 |
| SHA1 | 26820eab0aa3964781482e711ad82aaf8d37e78b |
| SHA256 | 1331e49bf7b08ad314737a7964124322f7d8e80c13d63b8b898e22231547a4d9 |
| SHA512 | 393bfacbb353f1d524b25904899437c41119457c1810b10481ea48c114b9cb799fee6f13e382060d596ab6a26b44d28b0c0a297e55aab0797b893fedff06a7a4 |
memory/5292-2078-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea96acd73d6741adbe0eb9e9705ec4ba |
| SHA1 | e2c88beedead248534220558a9dbaa8bb48bdd48 |
| SHA256 | fcb47ff1187f22d5f836e579cca146859dc5dbd3d76c1c87af08341c8ae1b1ce |
| SHA512 | 754d4dcd09fff85b4d03e5af3efee98460d890d84e72cd6939fb25b082f86885817fd869357cf6c35c66c15c3658bd2c2c317ee6644023bd6e688051f67a192c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 919695be628e3e2c9c7bbeaec158d566 |
| SHA1 | 063286c0aff15d44835ef7d6a08debb5e5476a0f |
| SHA256 | 9d0b6e41894c8400be44adce6205a2fb9ec3bc0c5f4b350060671dc9cd933746 |
| SHA512 | 207ad65ce815b0b429538d1d94332d876eb51279b852ddbc04472856985e51d64bb5105ee17983df3467f59f9ea1b60afad55bbd65aab65c0f626b1c8aee13e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ae780d535433a0992c64525cabcb2571 |
| SHA1 | 0896b24d5a04eb056717b44fcfc3ae81e2e71683 |
| SHA256 | 669f30cc12eb308d13a91b97f55fd289530eaadc07fbe8d72bbe24ce5539b1b0 |
| SHA512 | 9c222b2ef5ec764d2ec4c438fade409220f9dc16a660fafcacc5a8a3de62f96c977c65aa1f12db5f8977eb6bdcb8dd38b9570fc0d7d8c6b20e9643614e37add1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 21eb09ecf583055978a89cdfd591f5bc |
| SHA1 | 31595c333af21671c7de23bdb74f2c9cc8ac9f65 |
| SHA256 | 751b56890cdab6cf3a2f7fcb6d68ed30efc14d60e202af48c1828ad260d10a76 |
| SHA512 | 22ceb7e59814272292c2795812a7c57c0055bff02e4756019701e733a1a9ab66304c125f5d5fde3a6d23f3825e99522fe823c707a02e48a22d072bc7c7fd946d |
memory/5292-2134-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5ae1da4c912816f0fcfd11a2ed721cd7 |
| SHA1 | dddd1f2df50d5241ce6af488a82e2dfa3b8a333b |
| SHA256 | 94140622c4608f0b8d11bf2106bfd8bf79ee1469c70b9e9c3568fb197cad60ad |
| SHA512 | 3a48a6a1d1c774ff225eec164061caf1d1e68429688734a6fe89ea2551126c67a79cb1f025bac2ce05b5d34ae49d6b9d36963569f8ddd607e3a14fa5f2602ff5 |
memory/5292-2140-0x0000000002430000-0x0000000002431000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 35893a88db3048d63148bbf1f3f4fa57 |
| SHA1 | 7cb4e8e4d6fd055a8b40f0b8a6797ec33356e296 |
| SHA256 | 7398d30bc6873dba2997a1c7f1f62f0268936e57fc52b3c731aa164b01286283 |
| SHA512 | 5d63559e4b46f03ace3eee9846adbcd8998e170ccee1164a50ecf061facdf77ceac7092dcb5cf243f26e919817ae22f8f88a592a94561b56b7deb20ad0471eef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fc864568f0af64a9c8e8de4abdb9fe61 |
| SHA1 | 2e161a9aa34776c0da8e232a670af594c6af8795 |
| SHA256 | 5c5719e84df9cd2cbce3918ed6b966f3810b39ef24edf54a7b7dffd63ee02375 |
| SHA512 | 458427c540ebf60827a8925228a92194acb48cc4dc99fe86fde71870ea017ff23bf46aaf2697d88476aa901440411d4d0f03697cea25c373a8a09370a526fd44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 605e412d1d779dd9c380001550ff6767 |
| SHA1 | 7ec51d2e83f6dd94e6b7446097281bf4c4d123c7 |
| SHA256 | 140863b8ef7d046c42b349ed475e07ab24d7b8a7a7120c8ba1842db0ae0e86dd |
| SHA512 | 7e15be534c07ee1a8bd8200c9f5d75c613eb4934380f594d5379db86659ee95d7f03485a67debfeb13fce18314bb204d101997d1c0f70dd616f22526dfb666d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | d307ce6ce114ea2d363c2e709df6f9c3 |
| SHA1 | e8173b7467489dbcc7fa23bd6dc2557a70624ac6 |
| SHA256 | ddc9046c4d6ff62e0859e12f84c4c2e7e154fbbb230dd415a788e132dba831df |
| SHA512 | 6e10b866683259c13aa5f956d50450866bf1e9f6401edbfaf9cc1388a1b6d83fb27f92fdfb3fd01de431dfd6c967f1e6c253f776ba2d3e87268fb88ac908be11 |
memory/5292-2246-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 437261156cd179a561cdb9876d979de1 |
| SHA1 | 940a0cb9f5a248a88df895c5c05eaa9eb7da6ca7 |
| SHA256 | b6344502cb327f9a998b86246754d9b5db1ed4fe3b5af9315df204f12a667f5b |
| SHA512 | 4ee2c124e5847dbf842c4a28f902afd0a62042452a58cbd1ec09be2e6b8603a081717aaaf48e32d74c4463c5a0fa927a9c784b184d54025ffbb46f7602c19f2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 20205d3da86be5f5aae99b10dc10d267 |
| SHA1 | 276cfdb7b317e4478005caa11f5ddd874921a19a |
| SHA256 | 2b777a626ff9bcea70473e7ede8a27f3c33733fdb62f9c7b920a878f75ec2592 |
| SHA512 | c6fab2e3045e5400d6e49d14c98d23d4fec5a15329423bfcc58b030e97c80ff8796f535c48e69a3630238b6a8541133fd8c0fb7539c56e8d4a954a668921bcf3 |
memory/5292-2404-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5292-2423-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5292-2424-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 74214b44c22308a9777fdf6e8d9c90b7 |
| SHA1 | 84a6ba3dbfbe627362598240cad18f0827881cd7 |
| SHA256 | c8a607a10ffb6337105cd877bdad56e130216e12e8d09c5d3f628b52162389a3 |
| SHA512 | 8ddd2a0f547efb689cb7b350e9b31be4b50ef7cfad9e4ad83eab675f6c74ccc538200a004093f71a6a2e56bf012bc333f89731e80f1ac99992f69d8c7e92b98c |
memory/5292-2434-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | cf989be758e8dab43e0a5bc0798c71e0 |
| SHA1 | 97537516ffd3621ffdd0219ede2a0771a9d1e01d |
| SHA256 | beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615 |
| SHA512 | f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 3cd0f2f60ab620c7be0c2c3dbf2cda97 |
| SHA1 | 47fad82bfa9a32d578c0c84aed2840c55bd27bfb |
| SHA256 | 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b |
| SHA512 | ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb |
memory/5292-2578-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d585cf182d7872aa575c2ccb653f20ba |
| SHA1 | 80a5f3672f63d90d074286df956bc1067240548c |
| SHA256 | a7cc26713d94fbc73a244f656aa02182215985d2a8cf96700d58f3e3883f9a65 |
| SHA512 | 29f29f9dced75d7a468d1c34e128b77aa7d51f72bc1271fcbe0c1f1b8fea75509ff2639081ef20d4077422efd9b4cc2d5a846aa6ca2cb9cd92c41d49481875da |
memory/5292-2779-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0
| MD5 | 27f9ae010d6d403e402bc7331e7cfce4 |
| SHA1 | d12ad1efb46c1a4256347f71efa7187351ed860d |
| SHA256 | 6d4129110622afffe1ff09e5516604368ce75e06145114d666a36f996d83194c |
| SHA512 | 33ef07d766c5608b1af426580eb3a70710bdfb6ceb4f54ab862019c134b3525d2c49606d159b80b99281a97e94352b402cd95868b1bdf9dcd22b542e0d94e08d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0
| MD5 | 34f36e0b61086efae516943e36a225d0 |
| SHA1 | 715378237f6db22605cb2d0f5b9e9a6944b6e3cc |
| SHA256 | 13a1f55989a111bac1a6bdd000e2e864017d93bcddd109f60826d0cc385833ee |
| SHA512 | 34363284d0fb77c2b6195402846f72236b60c071cd67208fc1cc2cf030ace894bd3d5565cba86a071f1216225b0b6b2062842b229d3ccdaefcc744619417590a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0
| MD5 | 8df149b65606f0fdc9ae55405d3e96fe |
| SHA1 | 6a14dbf1d04cf538394c6c5d9820cb3142853275 |
| SHA256 | d580ed216f22bb1fd4493dcde3795b53db6d2f2ff1b6c38276abed793c498670 |
| SHA512 | 5f30b8110f5241c235a013b18f4a5d33d6e028e7db8114fa079e22d0f3b2367a085cbbc3edef964fbe2107d691198a9122f2b094ad4735768c6fa9fdb38010d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | 2eee41172e0f663a106c5fef310b1fb2 |
| SHA1 | 28034a71d2d23a71cc7c3e963332a1fc1fc77742 |
| SHA256 | 455067de25f3dd1b687c3c2f5d9d381c529810ae5d353d28db19e6000649af71 |
| SHA512 | 559d0c024d4f36f1e3610aee20d66c98c12990b2674c010d28890b1c405057c8c4730b3da01545c49141650d40dc0400b09f3fba5c5395e87871532e6fac7c47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
| MD5 | 7bbf6f3b3001c9bb67c940d818909676 |
| SHA1 | 4a801590f7937fe8b229d7ac7dc58631786dfac0 |
| SHA256 | c614f280580c40ba9a9a864d4dd6e0155613ba97078187a2005db9e54a511dcf |
| SHA512 | 8987265dc4e6930629e76332454b22d7f93d8073cca2342328005b532cd3292fb4877bc452b138d14a2d1e89914dcab41846bb2e39e7a73f8a7ffd13e53fd889 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | 3f78a4e6a62f004ffbed9c1be89fa869 |
| SHA1 | d77b6adb42928547a13cc91f3fad213c232e72fa |
| SHA256 | e74a5438301afdd1aa6661559df2da018454b8a19441586b5328080705e2a733 |
| SHA512 | 90cc8b22f111db588ede393536418926de65bc63c7598d3e74376bcedc74eb9cc8c4fd097a9ce6792cad49493736356ad6200acba0f4806870fd30fcb2a94ffa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6591353e7e8bb2c_0
| MD5 | bb5cc6115f6a44ad2ae4e7b139f2799d |
| SHA1 | 9aa43479caba513117d3465cb9068388a7cf3cc6 |
| SHA256 | 199ffe4a9f84c0f7298c0898352ac04f274c478342157345aedef64bd2f1c44c |
| SHA512 | 5686b8b8cb078ff0362cc6692949b81fdc50f5e533d9e03f60928aa8e7afdc051b98665838a6a0d1c6adaa5c2a3436f69e90ef9062fcd534fa5a1acc44e9ef16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | b749a2420bf2e933e2536afe37f1cde0 |
| SHA1 | 405dfd5c2973d57966e56ccfe0fbd9c66d8cae95 |
| SHA256 | 09f3b52fa56566b489ddb7d2c6d8b8bf3d917a418432c0bdf1ecb36d9a308e22 |
| SHA512 | 49a390ea6c11d71bf34d031fcf9eba290e74e8d6a9287a52acf1d77fd660e827b920203a4c87d6794beb27e61a570fb0d89b6852c8756bb9e959b914d109d12a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5761ba72d084a14c_0
| MD5 | c0504268180ff66ddb51fda79868f6b1 |
| SHA1 | 9fecf6913539758cdbeb19c8bd9ce08f5d7f264e |
| SHA256 | b8fd573178de6d1ace36cdba0723c16d4d3b10dde5c8a932e0c55e350c040cbe |
| SHA512 | 511bd4085dff5f9f8536dc3992b62af0a277f355d2e4536f1b024e954063b60fda51f8f64f36ec1c055b0773058d4b02f66e1f4767ed9b4c7f2151915cc78d4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
| MD5 | afbc83802f7e1b8c5dbf9dcaae43e004 |
| SHA1 | 36a9d82d191c0ddc34f1c124b01512347d9d5632 |
| SHA256 | 853129d92f09811495b83ba3274f8fda5ddbc26fe775138b5e86137630abf5c6 |
| SHA512 | 8804fa36f96cb745e9be874adfaf306483ffb189a0fd6f1e69a7a181e5fb2e699920ba6fb8db170a64d84146793cb5e9ec6e84bcb74fbdf1b546954e36bd1a21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\570b9373b56aa1df_0
| MD5 | 0b49caf5b05e797640dc2ca0c12bc54c |
| SHA1 | b5bde108fc267307446c078f99e95d45369f2069 |
| SHA256 | 46a7d614ab8e1d0fd745432df8926ef51c4d37f740427aa9ef6b61a8e6f37035 |
| SHA512 | bf2c9a6b46e4c6924b9c7f96607bd6e121fb87fdd8ff7a50be2c9a59040a35f71a33a1aae7f9dbf516c43bd82ff804e25a59a84ef7d97d742f5e61c810694777 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
| MD5 | 53d0befcb2f63ac731838e42f433c8c6 |
| SHA1 | d3dfcb38681386846eb2b76d0dc121850ee46bbe |
| SHA256 | e3224e0185d3d820efddc6cce300edb6ee31c864baa841bb91548eed1ef07d2b |
| SHA512 | f1ef04bcbf35cb426055a5785d20e046ac0174724808710c233bde337f3feecc72e6b756d0d48ece04d04e671522a28647d5f8f17ced3040c038b0866b9a1cb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0bf23602ca1ab29_0
| MD5 | 87bed7f9ad70febd13a1d5b81c7a6617 |
| SHA1 | 1fa635675b38a1591b8a1ec0beb56f96fe33c694 |
| SHA256 | 7c863c517c69f51d1b710c22e1f980a360454c442775444d626f8963d1d72ddc |
| SHA512 | 794591bb820f8c32ad48b8f8c3f19f3fb429cc793ed9bde53ed4f296b1577c9ea031d9f17f934be7224ba84deaeea68c7f2d126266464426bea507739abe96b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a37ad9a49149528a_0
| MD5 | 37da2695ca4f01e17dd3a4d265e6b9e2 |
| SHA1 | be502cea8dea80499a8c2945d10d0489cfbec236 |
| SHA256 | b009b43892fc91cbfd1e74103f6db2392fb4de431f4ac97db0f10757bad44aa3 |
| SHA512 | da000540459d7b128ec2377c7346d31d0c5f745d2391b2652fb2973a7257d7cfa6d834e3c6d1dbc332a5b480eb05b0c48c4daedfa6bbaee13343f9d71bc4373d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0
| MD5 | 3ba312914b87aab6b9a5a7f2dc85d778 |
| SHA1 | b805c2cceb9ae68f263e7017c73cf321e7205284 |
| SHA256 | 841f2f60bb63c792bde1c4931abc0eeb9a8d877885af5ebe57b5ccf55015472e |
| SHA512 | 6fbccdabc7d42e2cebcc1349963d13bc70ba9cc59c0716eb8de6df4e632c9f8c6a826508cc327ab5d99ddd9e578acd4b123053ed54a65ab4595b94dd29f687c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
| MD5 | 57581d667b86f834ce47ab6bc00492c1 |
| SHA1 | ee3aa3958c563543455bec9a672c3d1464b73f44 |
| SHA256 | 25cd3b485623bf96e57f32c1f6ee93e6087066a5d84ec13f708332627caf3e90 |
| SHA512 | d5425e4062a98fcf851293d3647d30ddc635b813ed2dd4665f8803d373ff6a8b95279ff30e2b2cb73c1c53e5b26375768c9ced9758562dcbd3f35a55952a5b7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0
| MD5 | a8c0738dc70164398d58f9bb5d1cdfb4 |
| SHA1 | 4aa8342991ebb44aba924be227ffdbea9eb8643e |
| SHA256 | 12e5d7ee9eb7c02cbf76a96343df7128ae9300c7898531be98d265bdb8762d2a |
| SHA512 | efc9ad66a75c13906634e48e884385f1c6956487e2e82b6dd98198a63a805e486883203bde9c15b59ff8d63daa5b0d1d2258289bae48070c46fd669a2b1fe787 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0
| MD5 | 6f6e80514b625a48238402446fdea4c1 |
| SHA1 | 25a9b25992a519dda8415ef71d11ac43206d7ef7 |
| SHA256 | 34cf609bbb523a92896d73e627125ba3a3481bc0217214e59b707e2aeec28704 |
| SHA512 | e5ac90b592c23fde8b4e09d0ae4b06fd493ab1492aa41a007a441f02f6c5f5a8597e12f5135a6d7b1b36fe9b6553c5dedd040e624c86fe14ad3e3c68d75dde01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
| MD5 | 65b00bec774c969842aceb3199fbe254 |
| SHA1 | bd464411b9578497f081a5f8b6c04180b6ee0f0a |
| SHA256 | d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda |
| SHA512 | 0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062
| MD5 | bb3fc9718561b34e8ab4e7b60bf19da6 |
| SHA1 | 61c958bedf93d543622351633d91ad9dda838723 |
| SHA256 | d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141 |
| SHA512 | 97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ce6240506261827_0
| MD5 | ed7cff6f233d556ae05fc67e14fd7248 |
| SHA1 | 225766aecf48cd9510e6e94748a66a84c7d53955 |
| SHA256 | b23a9eec56897ad967d06d724879dcc91b6e11c2ad3abc4741cb451e109c9d13 |
| SHA512 | b561c2157fe306cdb5ffc867720268a79775e96ef1437fd8c5200b22a748e4b5e556acad3487c9e03a26ba1197614743f88e7c6466b3942a7f77cb46cc990f0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060
| MD5 | 24cab279a1b1479cd2848b4cf4db97d8 |
| SHA1 | c59c889167dfa25ea85e0ab5b93db29270cd9a3a |
| SHA256 | 2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51 |
| SHA512 | d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\33f0991b0c05bbe0_0
| MD5 | fdfb3852d48dc68c5123702f25bb7ea9 |
| SHA1 | eab01d22bf3df3a1e1acf365ba275084f5321002 |
| SHA256 | c27d6672984c2fb046d3aebe14246fc13146323e85ce47fb0a7ad17af654c94a |
| SHA512 | 37c2b52f6a323d9b6b8ba7f200e23bd17dce6054d4c289149279142eb0b3ac4d5603ba053363b11fa6de7de5ec018ad952e4850ac85c50f17fb876ff20f00a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47130442e621a46e_0
| MD5 | 94e21d79c4db4ca1d89b01dea393ef7a |
| SHA1 | f70084fd1328be1aaf040637573b5f7497515343 |
| SHA256 | 1f37f698e6806293fd3e502d0246d71b35dd2492d24d595f627ce31afc150e5d |
| SHA512 | 79c52b9d98459bac410a947094394ad5d873103b4fe21b5ac94b19626d03bbf8776bb1034465d6e1687722cafda97d99ea02cc2db7f0d9d6fb5adfcbc75ee92c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3cb4aa86cee881e8_0
| MD5 | 1a45eed34bac3b49819165db52d32fbb |
| SHA1 | cb708cdd4aa534960f0c761fd4ddb7053b3c9060 |
| SHA256 | 6f56b10f46ca000d086cc5de59fe04cf62800c4f4e21f433438a381697d29161 |
| SHA512 | 822977ef1aa1ba20add35034c7f33d6893d8633acde31834034cf294acc0aa4d5703515840b2d95b61392f161071d666581397961cecc28f406176246e3b95e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | d7a7a1988369c0742a6cb6b72dc1ce59 |
| SHA1 | 0c6e58ac6361ca5e46f703340c55c3b3d04e1218 |
| SHA256 | 4a3435c3ae3a91c406ff9d4b28800a029b64c204334f52ad567c912f3ebdffe1 |
| SHA512 | a62fb801b8fffff6c19920edac8e8b7873bb5ffe9cc876f615d49c5c7d9e773e10d4525c4ed92bb6e634776e579d792ea4c93525fafd78dc146a6363123a3f61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd8e59714b0dbb54_0
| MD5 | 7d6c323f1e93747dcdd2661154ccb1c6 |
| SHA1 | 070af9cc9729cf484af5651d472ec1918852804e |
| SHA256 | f3b334b3f757f8e4c636dd13d1289a2adf144e48caf2322e25021ec8fb47e297 |
| SHA512 | de4ea27135f05882e1fec6374e1ade24ce460e55e53a62551ee0b7ea6e5fdfd5b97fe7472664c5aad14120604592e945ba44f2f7c3dc362d9c50e1f2fb29723d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\693a63a9fc641d93_0
| MD5 | 0c46001f0b1c9b72c90bfb9afb215e0a |
| SHA1 | 871fc187570ae2de7d5fc4e3fce9f0c76001b544 |
| SHA256 | 5fc0f3955eb34cccde84959c97c2885a08186bd3cc0344b5389358573b394fc7 |
| SHA512 | 56e4eece6136b09d49f2841cc4c625ef59def1f80835a0d9531f803539a9a516a946fd183d0005f8466117c4ebfaf92b55be2426c84c9fa8809fdedb9aa8471b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c37dfb5671a046f1_0
| MD5 | c47c2eaf4a757c57da511cb21c331fe5 |
| SHA1 | 9ffbe8dcc945f4eda1ecdc6dc1a3e286abe3ced3 |
| SHA256 | e9c0149dbbc15e410fcc3075a147b327c63b4937e37999bb808900ca70b55a01 |
| SHA512 | 7935d7c3cd70eb655596721543c913ec712eaeace3940fec9d9d2d68d35eb74246961c272bd79db080db0ff5b00bcda4dee9717fd414b872b376fc6b64b18800 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
| MD5 | 9d49a64de61f2471491cc96873efb646 |
| SHA1 | 40f4ca7b8f1043128964f5a74572c6e09dbee208 |
| SHA256 | a6bc641109945621f2edbdc35859cfc940ae721fb026527e9b05ad5d5280079a |
| SHA512 | 4dd2fec66b9e2f830368d5023af96d9a5eb0952bff36e315c36de94fcaf68223a6b87efba85481dd861dd1ac064e276b6fc12d779d6074172a333b047e71e4e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0
| MD5 | 3dfa9cf6d2701f56ef2c6b4eae2df1a4 |
| SHA1 | 8b7d34df72589b8493de627d640e024620ca459d |
| SHA256 | 817088f59a509dfddbf243829c7a95f5a5510c15edbdb974d330d99156f8af96 |
| SHA512 | e522e9e88a1493fffd74f82fdf33bf7ac545200894675b45db2f7b1c7e3a76be00b18f6656e35a2ac451f94ab6114a134d25147f872f1874c6e3d65b09cc693e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4c0f674f08ebd72_0
| MD5 | baf362b28d11dc05c8725e00d516ec66 |
| SHA1 | 8909b2e5c32b2763799d0fb1ddfd4988b5d149bd |
| SHA256 | e4355871f928457ed26bc50312a5f415000789b042699f486a664fdbd2b8490d |
| SHA512 | 30e10894b96dbbae6b301986b8a8ee2020f49a86b7637d5b00e4ef9379a40654679ee65e2d2fb6b48840d1f903519540ea104fc92484399e132c67eae53f502b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d145f69efc16229a_0
| MD5 | b8a04f9d0bdd4a590e694aeaf33f91fe |
| SHA1 | f2ae4e43e10154dcd3c0202eefe9e485c950c9a4 |
| SHA256 | 43c102a64196cb2c5b67664feff51910dd69c4263de94200d11254e5e5a1eb13 |
| SHA512 | 9a401141949f726a6ec643a4ea5631a6586234fe1ed2d6b8bfab18ffd6d7775c3185f6da1d6986e69969cfc6c1493d59de8ad91181c56daa3405adeb0404cf28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0035fab76dcac224_0
| MD5 | 91c01959a18abb284e198a6533994482 |
| SHA1 | 010afa890240ccf1b7792a7679472513e9565f37 |
| SHA256 | 1785a55bd3d61e550f299f6392d21f70be0bcb50707a581c215622e9ec0be211 |
| SHA512 | a92fd29b62357aeda98f79b578544e5bb7b0cdbd4bbe47b4bc9ff1c2d073ccba0738653f3eb557545c472348ec489c28dacfd15b3464ada3ee8300fa41ee389b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e8
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e7
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 82f14e412d25266d28dffab247a62425 |
| SHA1 | d95f1dee5f07b7d54d4272fcad65fe26c9984720 |
| SHA256 | dee8622b593830806096128f0ed942525ac96c311aa3c2bf8c411ab6decdfff5 |
| SHA512 | e7a46179cbb6b1be6504bbd1d528483e6d2562855c689420f28bfd992e9b1d088e4c91f04302db16a730447f517b6a2f5c87e64ad77400cd752629a328d08d5a |
memory/5292-2957-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5292-3098-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 28188e3e1685b44a659f5b6defd97032 |
| SHA1 | 0531874883ae95cd155bc649cfbc1561d99c6345 |
| SHA256 | 54c83f43e959d58fb3dd5ce507baae1c83deb21c30607d7671404bf8d25fd676 |
| SHA512 | 9f0127e21064181391948d80d378b359e211eac909011ad3bc2ac09b91909c02c187a43ea06f5f8218a84bf7995fd20bb5e0cb7670a7e215504c2987a930375d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 634443e04ff585f64eebf8a8108afb57 |
| SHA1 | a6c85679785b201be1a79dc846403b7c4786f1a7 |
| SHA256 | c79211b68db6ffe92ee5812a9cbb6a4672b2c98c082216335ade79fb069a5ecd |
| SHA512 | e4ae0fdf1716c16dec195345124189d755ebca97547bd207a4541b7c908c9cfcaed33e75ebefa965d270d00f5ead3da15c763c15356e19af5947ecd5f0ae0f7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fd90f1b3f867f8c2326102373b24f6c2 |
| SHA1 | 3362a32d4fddbf61425fdc804f15aad382cee405 |
| SHA256 | b6eb7eb38de6ef4ec0c088dab9828378893d3d60c30e3978ed0a69d6f1a6b95b |
| SHA512 | 7baad88241dbcc52fe7d1a7e089cff84d4fd66851cbcfcaae7c361092aba222ff0c635d7b63abbaf0df70d4e45f9430a636f5d23a0863a9239a4428bd468149c |
memory/5292-3138-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4952b3ee995f0e2b80f17566ba281185 |
| SHA1 | 95ddfb3eaa2fdcced175cf30d878d6e58a50ffb3 |
| SHA256 | 3c1bfe58a3a11001a7e8e386ac2a75e4c5d7c428d2d708d533b944d3fa1acbb9 |
| SHA512 | 4f4384d3db456ba52739ae357bc9a2348e45a9a2f876465abfb6666402aee2cb350e02513ac463e11c311237281c7ce7d6c2592816c811b684909b818b813f60 |
memory/5292-3148-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5292-3149-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a1d76ad7c5c81a4_0
| MD5 | 8ccc839011f4bed42efd9484b3bb7b2a |
| SHA1 | d633189583eb67bcb217e1f4c0bb60d79cfea1da |
| SHA256 | 81330b51149ad58eab39fad30994d0eab1ea735e49696c818805f94ae05a2146 |
| SHA512 | 9ac91d1e3391fa475f067b8a754c1f6c74d7e166e4a9f5388ddf4a98a1404553a4fda8874959e26cb4d90a089118ac2cb4397fb95a218e17069e43d9d11474a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3436c832ceabab4_0
| MD5 | 71cb8f927fa415f06c816813c0881839 |
| SHA1 | 843ce1103f276a8290a8d88e4d5826a7e1357440 |
| SHA256 | 7376b2123d7b9d12433221252f4a23206584e81ee75e189fe1bf73d49ea42c2f |
| SHA512 | 342a3ba0e9e3a566937a6418a3281195b53ab9a9f6320718e78f8a91c3c5fcd828b52dc0c47ded7555c8f3f1db59c0b83c1592c814055317fbed20837b515ff6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47e5051cb297755f_0
| MD5 | b15d827c20e04a7df4a0edcf9f037100 |
| SHA1 | 7e32e79825b14086b7f356f0f91f094ab0987415 |
| SHA256 | 76d9393f15d09cdb6f2db2c54f8ec8ecb77fa0ea0b750c9d77d464a0b5bf52c6 |
| SHA512 | 1b4e0ce730b585fcac5011b98fac483fd78af85c8f43825d3eb481d5a41ef1216603bed44579017a336d2772c63c9e014022f2484f4fd0ca170cf58787b18098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0
| MD5 | e862e213b4d7fbf0cb8e3681cf4ae729 |
| SHA1 | f008ff71e3874e55f47c018dd3d3e3a3628ee13a |
| SHA256 | 7011281db09f924835f6a5664f92e004e0f6cc801968fc19a24a6b4b057e1547 |
| SHA512 | 02ca4df483f46bc187873f0d73715b1a47cf25d9a5591dfb5c65d9d8626246e114214a1a89952d76d3c0c4887b3fa236005a846a90f2d3c55042bb8fab8f1cdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0
| MD5 | 353a8436fad1982797a81219a450230a |
| SHA1 | bc719d5785c6125e47d4fde47cf014d4e51f0872 |
| SHA256 | af6d7999ac2fc64ad61ace0ad6c4c4c61d2e65e7a546cc6f66fdebaa2ad623b4 |
| SHA512 | 62f0507660368af536f3759a0b1cdd5fa8b5550a738891146e405f81cf02c795e3e68de3d6b59cfe7c661e7c79761203d2b63c98a50888a0365094995ac59c9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0
| MD5 | ddee77e484539ef742ad8e89fff8ede6 |
| SHA1 | 56d2f6639635207ffaaa7c7b75b762a754686f78 |
| SHA256 | 9761eb986ca7d3445ac7911f672bd24e75ce42d1e233caf5702d2c91c00ed2e8 |
| SHA512 | 4517d115d0809acbbf92a6db3bb563fc5ee0cbe6e31906d1f87fb9850882248e681c0ca8bac8847d2458d332aa3ca36e1033eda6d7a907fd270b02eba6c10e76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | b482092992a87d5a60977e3776450bfe |
| SHA1 | a7030c1212d9aec8bcb5ec70bb65d5563212a7dc |
| SHA256 | f9e14d844c3a7ed63f98f69b725c0fc8bd57ab1f95562623047334ac4327f8f7 |
| SHA512 | 09f143ea143bb2b7e60cf09cfc0e2ecdeb6cd9e65b14f3510a778e79366ab4245d2285eca3f6101883fb438ed7cb24a4e24ac5673562f728aebc44fcfa3e3c09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b2561806cf1e2bc_0
| MD5 | f9302043c70ecd933fd624532fc7b173 |
| SHA1 | 65eda23691f85d67d01513352a44625f793238c3 |
| SHA256 | 4c6dc1ede0da5a373989587113327dd82341bf3a821f96dee4a70009a1b34f7f |
| SHA512 | dec07467d41010ee0329e28af19d70eb243d4d9e748589c4678e8b312c8ee89bf53a89318557b13d21e4d4fd1a21aeb8f2d1d69bf0b823c2cc54eecdcd4d0371 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a13367197ebd2e79_0
| MD5 | ab26af36b817c83908e3eac9081d64d4 |
| SHA1 | 4414ec1b1e950f3783e713c4429643b2b6fb469a |
| SHA256 | 57d565eadec8bc9330a11d45c74f805f9c23a145b1aec90ca592c53c50a3de6e |
| SHA512 | 1bca3197ccd40a2b76d6bd8b96fe156f48d38779426673d7f87b9bc727bbe387f8cdb76534094e5d68ae4e0c74813e9a069424a9f2752d0136b69ba0f6795bc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8781fa41e6538ca4_0
| MD5 | 0da54afd529230870fddc346b80f3f93 |
| SHA1 | 88e2ce5527071fad484dfc763a1bef38ac90c1a1 |
| SHA256 | 58157215452e519e441f9a2449538b916f1f1aff9571fd72d0833f31f7ef16a2 |
| SHA512 | 8a9209b8d297d708f77ad1d7b6cf232fc5d0ffec14f296364012b82513d8ae15b682651e921d4c185f9f14f6e8ba097d363e2bc3929c393a063f55876c4650f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1c3a4fac15e53909_0
| MD5 | 71b2bc74f8116eec7ba07c3afbe51da6 |
| SHA1 | 72e8e44f68c53d51a20414986068967935e258e9 |
| SHA256 | bf76c305f23ddbf86206f09dd35ee9b5e9abe3d0d62e5316b45143e477fb1b09 |
| SHA512 | 476ee56e81b698fa2aeb6cf63066a7b42e6ee98f18d5ab50464c16e9e2d94c586f6a0fa534a3d3a908346236f53ef712d6252c0591f2f207bcf8200c9a3ab9a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 577ab805cf4d14918b149170bcb28da3 |
| SHA1 | 5683815c419033ece38e041478283e44f8d36237 |
| SHA256 | 3f292b1f6ced980028cd30dd2a5799ea7e7580239e081d9b86766cab3ad6e1cc |
| SHA512 | 3183e16ddbf07d36f1151df493a806851b58ffcd4d963f74e8a49b56aba2ac3cb0978fc6f4c3c484edf6f53325eb01825a507bf6f0d5e59b10e6bd35ab2ea2fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | 2fd03a2af85cef5ccb46877170cba714 |
| SHA1 | 3da04161e7da3a09fee25c13676c037a7cdfeded |
| SHA256 | 3a37f5e25d1031b4dbe70b73ee77e0237ad050f417015e15d36afb486923c3e7 |
| SHA512 | 6b9910b4b7542144097a0d486f0cbd74c71d5c4a20f3cef5f8f0d6026480e56b5be7e275af08b96d1b6343afafed58b5a4b5d42a66e88dd611b22311d49c0f8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9a5b2100abc1a1d_0
| MD5 | 941a7c773df45e5a8a36a1105c7c7010 |
| SHA1 | a1fe4833305974144e642dbc99aead54f102fd04 |
| SHA256 | 44bd744690ac987c59620090cf268e809e142bbb27d14b91aca1fa613a5bdf49 |
| SHA512 | 0b432ba842478f39e541fd64a9a3b065447d8b75802dd8b90e00f49645efc5379729de7950c277267152d2045ac791b622c95fbfade38862b97f2ea05cadacda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd7a323741c640e7_0
| MD5 | 12bd18ef59770c1f4cbf8bed31ab0e2b |
| SHA1 | 19cdac9975cc973677de4c708e54a2cae3857e0f |
| SHA256 | ab99d59465c2e5a9fecfd89ee88c4fb227641c5166951249896683eb4f262832 |
| SHA512 | fcf0e664e32528768839ee50a10da2c642d367f4ff159663570a2ecffee03bafbc3d960e448f028ec40ab8d194e3bd5a6cafec5d5572c7192d13289c26f45452 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
| MD5 | 33d36ad4b2b660b4d672a9179b4fe884 |
| SHA1 | 145043b326603a9dd32676889da5cf045ac6ab28 |
| SHA256 | 112fe051fd571aaa55ab5f1dadb4411d223b5374e8919fb57b977a893d127584 |
| SHA512 | ac09a5d5c991526db16797b176acd704a82178a117746efbcae76b3de7b509b5e66245efe0fdc9d6d999ffbc8bdc0cbb286619999be30a55aeca4570a30d9e76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0
| MD5 | b71d50ac96c56aa90da41aab63174819 |
| SHA1 | 6a8e1303dd50ada41abf99b01cf242dabe1c4240 |
| SHA256 | 789a0aa5251c50a74038e0af95392b35bcf809cab91a19a6936940125d8a239d |
| SHA512 | 503e62acfa988f4dc4595ff2529b19bbffaf82b5a7b7cf1d3871afd738d7debd8cbc02d5d85f5ee3ca5534fa1b3a1cca3a0bca60c08b75876348bc39118c28c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0
| MD5 | b06c5d6a4b6459ce4fd2271787a265b6 |
| SHA1 | 61d0d3f5b412274dd77a8f8aecf88637b8c1fa34 |
| SHA256 | 37c32939d16615c2656fc2bee2eac0c66d8fa7eaac5d977176a871e965a1603a |
| SHA512 | 54be8af18ce140c6beb2803f2060fd990d3d83ad5981ecff2de897464dbc9ee0f07b7a7cb14124bd138ff6bbc1991d1f423e472881bb93d157985fcf338b429b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f91005797e8140ad_0
| MD5 | e48f90ccbf5518f334108298bc73efd6 |
| SHA1 | 9c2e5194c78a7ad5714c21504fa697c5fef29d8c |
| SHA256 | 2cfe06114665e03d810fbcc764a06e609900c313d883335663c9051b2240cc89 |
| SHA512 | 0dba050a9d4fd8c4f31aa77d67a8ca84610aa27d5d563591f0d39032a4de4b4b4f3a65f44eb061a6c77ef697f0b8626e45a86020e40ba08bd851866da73b2ded |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ead22b0383c12627_0
| MD5 | 04331391180fad4393079e07f2e52591 |
| SHA1 | e96b944662cfb79a72b5179a06c5e4156b7ff9e6 |
| SHA256 | bbaee7d1788dc9d7f3523beb6c5412fdd9deb2194f649b8c300d107a9923f4d7 |
| SHA512 | 8129abad70b92fa2397a5b863db85c8770a836becb034db211448919ac377473f1a606fc9f37e94f6c157985aa1e9336968a89db876321c95d8ccb7deb075af4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad24adfdc0f573ff_0
| MD5 | 4db1af198249d6f9d0e5f12dc578424e |
| SHA1 | c391cb998eeb4aa427bbe9662ad333851ae4dc72 |
| SHA256 | 361b0e7bae2b3a37526ae148de158811ec24cbb3e1f69ea3e9a6b4ede364efec |
| SHA512 | de32ec31276c8090ca883e6f3c6ceccbd282e4e8631d644c5dd4ea102c1e99b8c238cc0d38a8438902806db5bce2ea4979ea40b3cb292225569fc46e34b22731 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b75d3eaefdb40eb2_0
| MD5 | 6371cb829fe2fc0ff3ed7dc68517a835 |
| SHA1 | bb961251f32f197b0652409fdcb4559206c21958 |
| SHA256 | 17ef1fc7e0467e0566740687651953e37a173338a6510f4e2feb990cd763dae0 |
| SHA512 | 61b8bf258463d0e93dc7233272a913ab4098f21efeeb179a5f4770b3b3548e4d0282142741e0bcfeeb0238ca3f0f62a95fda80893555273ec041d07d3fa36855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0
| MD5 | b87c8a6f2268449f4c033ec0afb1f0c3 |
| SHA1 | 249b253fa6a3692c0c9f739091ae60b98777f51c |
| SHA256 | 020381caf11fdc1c17b6cd29113eec91f93d9d0412d274f39466d9575fd9138b |
| SHA512 | f4870b03d7ac226e56133a8d2fb6b2a83e786bb286295d2a6ccf97f38a66539d296dd100a66f55bec6a00fbe33c56f386e89a9c639f0c2def408d3dc757b602c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c760efb1763a2a3_0
| MD5 | c0498ac5dfb58ebc78b2faa3670aa90c |
| SHA1 | 055d1470606a5187b7c140b9049e488990a54f59 |
| SHA256 | af8e3fa03c9bb335584b006aa2d9226ed2b3a3f9a92676eff0595c7b292cc3a2 |
| SHA512 | 40d34a7d608daf008d1bdd455d984e7e3bee7c09161cca47cf7153a279855ee97dd028b40679c9008bf6d9a84b67f8d762e4f11cb4d96a7f191ef05de7cad2fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0
| MD5 | 345f3bbf5819fa64d51b22690528ed3c |
| SHA1 | 8e772f548cba1a6201893c4c169836571299362b |
| SHA256 | 214630d6cf2ffd22ee8f119248deecf8b26b29beae9b8a7708f16fc2abc09269 |
| SHA512 | 430376b7cb5f054263330251d2efae7e920f57bbd2ed852bc3cf831ddc89b2ffcdcd0cc85788a06cf8ea70de4f05b2754ef81b21e670f13e7803382230104b10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e6742505c79459c_0
| MD5 | d32cac627da97ccdda8fcb84766432ae |
| SHA1 | 3b9026a99dc2ae52742e815d9d49831116791495 |
| SHA256 | 341caa88db69936cb457e9641b5bacc97495174c1492f4094d953eb56456d44e |
| SHA512 | 55fa539627bef6a76789275b787e5c07c9b1e4222b758550668514f723493372991955213f2a37200f37aa2648300607bd06ec1baaa5690ccb1a2986db72c598 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42a7aa708be25073_0
| MD5 | d238f6caa22df873a0e55f536932fdb4 |
| SHA1 | 17a5b65831f5c6a17522e8c42c4ae537db85d882 |
| SHA256 | fcafd3fef54950e41f82d2ccd55584f7c843b7f984c5fe9069fd7355a6e2d683 |
| SHA512 | 3b17ed44a723b59687369c63ff786134559f6ceb7778a2647558b512bc593633cef25201230dd5c3aa125f3d32e22ab26cc1c422b258912991119bf0c8aef3a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c3b833452330e40_0
| MD5 | a7eb85493c2f45a19056828097c69416 |
| SHA1 | 416020eb6401f857fc77f2571c7f764fdc836d8c |
| SHA256 | d6ec44eb86e71c8e1a28492f60f73467abfff375878cdc110bd0879f49a5b4d4 |
| SHA512 | a4b863459541530fbe5afc86ca75f28aebc2c5c74449d5827af399a7c6188614c758a7fe56ece4abc8066cc7bec3332493d86294b26b1f4ee83a51214c827e21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80b0b527f4ce993e_0
| MD5 | 14a633f56f010cc6fcfd060c3c44ff79 |
| SHA1 | b2a5ad1711b49019daf5cf4486cd2e4cc883af93 |
| SHA256 | bd162a4f7f440c90bee7de30f8a2dbf7c0dd7036c83403d780189ae72a85dc1e |
| SHA512 | 2ef41caf21402fe72ea63380da732c940639a5a4de6dad7c35425e0afa7c6c50fe6626bd2bf6182efea393d8db13957a2bfc13c3a4aa46c332b507d40ecc3b28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794417c96d8ffeee_0
| MD5 | cef54c3d8a399d92ab4131bec240bad4 |
| SHA1 | 39bf9d26e1857af4ef42d6a162056e59c61444d4 |
| SHA256 | 0f329ef63bb3d4b6e3a17ab6c43da91d8218b1552c053de8c35728b985714245 |
| SHA512 | 6c23e1868a1b4ae71fc94350acaa7f1627b07933a2b90773f178f290795419078cdb80e0ab00e3aaa4c83918f66675880dc4cf53a8f580b95ae96d8e4494dbf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aaeb9d091ab6187c_0
| MD5 | d5117cb99ce4cb980d6ba1f1578961f1 |
| SHA1 | 11518debcc58354a31083c6f253501d9077fdbe0 |
| SHA256 | 1bdb34404aa48d132ed07d845dad64f3cbabf4bd19e6beb17781ab01762c50eb |
| SHA512 | 5f1c0a5ce98b0960ec34760fd475862eacb9eafc63ff095f55a20e066bc5e1cf4eca88e4b94d528e41812eceb00974b520094af9e2d91cd6cfb7c7f0e3cc920e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0
| MD5 | 619808e61e5b4259c038806b8e7e55de |
| SHA1 | dc2d339bdb85e1a0cd931a1fc843008bab25cd73 |
| SHA256 | 63f728fa3ecb65136e94b4c4c8380f201c18fbb578e700fb73cc848b79ceef6f |
| SHA512 | 58b235a05661aea61b168ec6966ddef737209d7289e44de8378ea81dfeb3ee1f4423f73500564fe68cc6a788afc72e09d8eb6d2f840c99203d0f80004ab41656 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0
| MD5 | 8d021073fc62b36ffd6b75bdbd1c6854 |
| SHA1 | 237d4c8ef581bb6ce30a79a3bd7ddb3188cf49e3 |
| SHA256 | 02d256ee833e377ea9624cca11dc3226206b472bf7e9cf795b7999d119668b76 |
| SHA512 | cb6f378e5c0da42b93e4c220436c0bbad91b63d1fe811c96bc71af2e097cf1c721eea2292f25f90d1ebc0174ab9f13fe1c4f2c8ca87e9774247b702a138b3256 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75ffcd5862ddad45_0
| MD5 | 387f5124a345f4942e0b5b3708fdf910 |
| SHA1 | 2cf19b9089edea941ab138930a494b817fd5c873 |
| SHA256 | c2f7ff05112ec351a47d266af75fa4f093be082c0b25110ce098780efc6f91e5 |
| SHA512 | f395858b682d3f7c8df224c9da220fb48cb1fb964c1cfe4e9007060a6abf74641847d2b653b51826b4790034169b63ca632e037373e4f931131cba881c1d18d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
| MD5 | 4b66a10a9d0282c27bd026da06a523db |
| SHA1 | ab58922c5e43683c20af3f1a7d3eed630f2d580c |
| SHA256 | 37a74a9c152dc1767584d80aa633d9bef17560b19cb4f2980ef3d5658a221a30 |
| SHA512 | 8b8b8b4c4f3e4fa9cc9e42eb933e96f402ae7b6e6edee69ab8c795d6ca3033b8e8948751bc6ab3fbfacd0a1df70418a5bcea4d9405989452ddddf7725779e7a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d48a9106aefde63_0
| MD5 | 2721ecad0b85d0e3e828596a015c12f4 |
| SHA1 | 8cb8f44bc84413fedfc532b8f6bd9d324700889b |
| SHA256 | 4d66eb6e26cb9a1ac49cd6b0053a7f9737fa35641d3f8e179e2fbbe3c7e927ae |
| SHA512 | f64c614d1553c0c8d114df92034fbe7a366f22535417db9f077b78864bf7d1fc5af5c5c0cb37d5232b42efa9985bc2cac95eebd3cdff3bd44863f78b779168de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0
| MD5 | 23a580901d334dc299c39721cfddaceb |
| SHA1 | 9d05c0bd661beb797bb6498235b265abefad3631 |
| SHA256 | 25e07f702e69a795f411094d843404f47acbb50630d797600520952bc42c416a |
| SHA512 | 170ca728550bb2e49cb34d808e77b0c2ead14c7a627b9cfb5b0ceedad03e07e917601b934f92721ddbeaa0f1f54137cea0f158c57a1bd47fd47837ccb3d9c469 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0
| MD5 | b0aabd6b8980a5ce1f9eae9bb36c5ed2 |
| SHA1 | d8c9091e434f1400450e6e0274e56260f5fd28a5 |
| SHA256 | 747279e73b1833bb418f3fd621e9754532e32facd6b1ed26868bc70fa71984d1 |
| SHA512 | 3abd16fd8f0535b89aeb249c465f504d8c00c1aec704400bd0c7a07dcfccdd70122b881c157f867f64f4d964ca21cac1c2a053f3d301f902fe49bbb1540b3648 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1bc53205118b9d5b_0
| MD5 | 920b21c8cf5ad16434447d0bc5b3ebbc |
| SHA1 | 99fca52ff267ea988735f77248caec22fb84a328 |
| SHA256 | a431210a12fac643990eda76afe36ebee5021ad30d311250a4914509b6aa6844 |
| SHA512 | 762781cbba7e731dc78384d5dac5a12b72fa2cce252599b05f65acdba698461d13ba1f53dca613d4004b0b8618080887c6d760b18c142fd42646abbac13ec88b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | a12147aa8b48ded4ec81b2f329b2af2c |
| SHA1 | c4f42bf8ad10bc13aaff0bf11d885f3acd91f4ec |
| SHA256 | fb6c67055785a0fdaf3dec3bb8958d6976a5a1ccb80428366d5130d3ae2180fb |
| SHA512 | 160db85a7d575f7d7b183d241a30c8833ef4ac8c65fd1fd942d101327eeff1292ed4bc17c4190f6c59bee8c8105b2e0f21e7f78cfdecd89e965bcfd240133518 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0
| MD5 | a385bafb15818b18b868ee1834fb0db9 |
| SHA1 | 68feaa65070d40534c5a256fa3b83a5727784aec |
| SHA256 | 90fcbae4b471feb755af9276ea7f684607cd0dd79418858d224cc16f79e4b77c |
| SHA512 | 97c33b73f53fabbd6d055b059630f0ed594ca5a91df8af22e5ebc167b0615ab241a2d093fde4fbf7d9507ae12ca55752fe3f3a0c01780bf1327a80977ea0bd94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0
| MD5 | 2e9f1281d83789aca7159c1ab798dcb5 |
| SHA1 | 9ff31646500caf49cce52852dbd09584121ebc97 |
| SHA256 | b30e6ed4f86c3d1e8be33159f619a5832dc23fd8338a1ae74506582b9ca14bf2 |
| SHA512 | 152db18defbe39e2608a940331f380e0f2b54e670b6f2b68080d422b060d87ee95af0c1b20f63006871412a4415ea4b5cd52fc1e18f1a3a65aaa6e58bb6c4461 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bcf3954c5bb22f7f_0
| MD5 | 635c69d3ca8352696d73848236e8d618 |
| SHA1 | 7b581de7e03d604bd537a9b9dc4568d73ad5a13d |
| SHA256 | 261e5ff9be14f63044942a3085486be6514bcbb64e67564384aea59e873c720a |
| SHA512 | 665b39c2d83f1d804b5c2803b190b72004d0da7cef6ac239a933d6939693dc13108cdd2cc49dbfc1b1d3abe2e59133564d5e9914a57e6859fadf6d77e187a859 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0
| MD5 | d0588d2c60c98170789e690ddbc9f4c2 |
| SHA1 | aacb2dc83fcfbe0e096c4f35c7ec44536eb60e0d |
| SHA256 | b27551c67f2614d64c1528431e859ef76aef33639ab396f0e410d90627558419 |
| SHA512 | 74d5001402883385f7c01ba5fb502d4213c5383ba950a86ca68a57676e9fc5f217dcbf8e609cb2e5b4a41f46a840ef57d2980d3a5346926c7c7113dc292ddc05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0
| MD5 | a1577ceb5b558b1502a2d946311f572e |
| SHA1 | 7892af0ca6744c7e093ac365b768afa36b1b9f63 |
| SHA256 | d2fd138fcb84bd1cb411e2048ea7bf59d6ee800474a204e20154c0b004dcf924 |
| SHA512 | 22158953047cedd2b1dd1c30286c2ebeeadb81e6b5478f60543e9e39f500e583e269de130f5011819a0cf0cdefd57b98d3bb0e70290cf99cb2881ff04fcdcc89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0
| MD5 | 792274c7feb51c8c1ae7dc5852693eee |
| SHA1 | 13e19bcdb54510310342c9b10fb7dba43efceed5 |
| SHA256 | ce28bcc0b7be78939134f2902c5228731d4b965564bb9c4732aeae91e468715b |
| SHA512 | 5444fbe57caa2ef83b8f45c98583443baba1f94d9d0ddd5470506cf55e1c721dcb33f530798f9a8f2e6974e0a2591f5495c1938543a8b3eca1d3dbb7858e0e7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63c6995fb9eb98a2_0
| MD5 | b311b61d4306b505970162c9256aa32b |
| SHA1 | 419bdeb62cb6c349fa8e26786b46dea2714752e3 |
| SHA256 | 3a4c612029d2875e18e6fa47f79f5d657e552a7c0bb0015a8e5cbda4cb64f784 |
| SHA512 | 48fb737c53a775ff9bc1581c9a1e73e931d0e20c00f1ea4ce27800f08148ce3849073f4fdc542ed3ca32b01d0400f4ad89d69b594246b1b1ac8f65e0151d76a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87e1ffb07d850b0f_0
| MD5 | 2124b12ab62cdff947a7f11c22a0efe7 |
| SHA1 | 3943a36c1853cb7e5d31ea8ecf1a36c616171cb3 |
| SHA256 | ddd64f9243efba472afb6eb74375cadf34936c05baa604a3a081965f76a04c97 |
| SHA512 | 57fde679c975dfe3f8addb8a5539354d716da1209d3c2546075e1e8bf3a6a39b3287e3d57031a99eeb587b42ec84fde9b98f9311763f7f79b7f82041758b4bb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
| MD5 | 1a9ce073d12d2fce0f7da722d3d3e641 |
| SHA1 | b9a02af9d99d1cef94f3e939fcda5d920953b4e7 |
| SHA256 | 4b8aa0214daa17a46997ba97d3b0fd8266864e64ab64aeec79e773e32e3d200c |
| SHA512 | a2666b3d2c7fec4b641eda4bfe0c6fbbebaaf34166c9b3504c950f55940654aaf779b3ea7f90fd19c1e64a6e233aab1f612c104458b211cf97cb26a5bc298dec |
memory/5292-3407-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bf40cc75fc561481ad9155e7a092d6cc |
| SHA1 | 72f7abc4d6cd468925487a7b36e14254206b5456 |
| SHA256 | cad1c34b5b3a085c45504db4c1ea185de8ddbdc53ef862720e079eed16d46439 |
| SHA512 | a771519f28725b2457ceec74cb434e6acc49bb6a5593d33c4ac79e9afea3af4dd20c42e2065bf5e508edf21ede7bf11d6c970f4e5adda729cbfe1e5e01f033cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 686228b55cef00a8c313d3758de56025 |
| SHA1 | 45f21c0c9e2be112db52d64ebee166eeea9e301e |
| SHA256 | cd7148b41df1f16359346c2823ac1eacbc9439ee5558c28a754cc46d097108b2 |
| SHA512 | 2f220d6119725b112c914bb4aa93bcdb77d2dc9d18b18862526669490f65ffc54f26120d331aa9a464c144fd4fad97d73db4805b3bbe9dd2ed332974aec68858 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0774ca80-37eb-4fbe-9684-fdc2cc42a5a5.tmp
| MD5 | 86e78d628bf45f9bf1d6b49bb35cb9b7 |
| SHA1 | 1897237a3f01760b680d1710284a4df5e1f92ee8 |
| SHA256 | 32fd78b3650f0cbe2cd82da20a78c19aa2072fe986c0150d928840253b3e2211 |
| SHA512 | ab3954895e8c7bb22f8d9fbd87477f1294c34037e024ac8a2e5d10be6319520ee9905cde68cf4c2b8e078564de38e6abdb2b5724134d6eac80042b480c1870e7 |
memory/5292-3435-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cf5103c54e00e19ba6d357b694d4c74f |
| SHA1 | 0b2e3b9d6c7fe5425e3ce141458cedae5af5aa5f |
| SHA256 | 241195cc489719304872aefcc06a00f8ae7e6a3710738255ed87ee2836f73bbd |
| SHA512 | c164f71a6ec4012e10be0ac0a418ef0aaa8c082888ca443783349e46d63ac99a2c30c441a941e4eb7e7c136a4b4c3e4c4791611b1d458d06fdf475b664cfcf6b |
memory/5292-3445-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 397e5142c2bfe08b1676e0f531d2130b |
| SHA1 | 5f151fa047e9941f55e7f7774017b9ef8f2301c9 |
| SHA256 | ea6bcaabcc5c7ee6ae1b9a422423b84d851284eea67749f997d2a6fc5e96b0bd |
| SHA512 | a764b69848cfac4b0bf51ff74593cf1ab399485c3e1d4707d855879b5586422fd4a714fc0877fc0703826875010b7f90588dd9b4d9109595f86152e6574beba9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5de9f44e801f6134_0
| MD5 | a2e9a402d69c45838b64409164e0767e |
| SHA1 | b8220475d355297383bbc486bf2f893aa113fdbc |
| SHA256 | 58ab4dfbac8b7dd1122180a07e4f92083199a0a901991ed45c9ac99348ef4024 |
| SHA512 | 6805ebca7ed2de3ff72bc78037705c2b43fbe8e970e3807c2d81ecf9b83e33c1b775e8049eba55531daeecabc839c0aa656bd06d426f5fa70f49797204355f39 |
memory/5292-3630-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 673c321454bbe10d37f59e4b2b6bbac7 |
| SHA1 | 2c4e7329e7f9834e69b079917cc6d791d7d7e774 |
| SHA256 | d3298a66f18d1d5912a35109de006fa80ad14927eb26c877b76c91407ef7e51a |
| SHA512 | fb8cec82d0a1bb8e4b73559124867fe078387970e7075ac3b6cf725c0d9853df5441058bb4098f39e607cc3e7f8325db090b4cb0d1af8425fe6b8ad1c5e9c676 |
memory/5292-3668-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3205216d849f66fb1c1253a570834141 |
| SHA1 | 5411f48f7fbbe34f74d58dccc2026a934f403864 |
| SHA256 | b7a310201530d601f254e4adab622c81a575a40934bee48bd04533a84360726e |
| SHA512 | 53f20eb4e3baa76068301261cfe37ba0ee6fae4434c07f369f22288d5edddf40c79269d5cf15e455b6ef09c1fddd55a520fc6c5bbe5f7618f1822b1cf395f3e3 |
memory/5292-3678-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4cdd883a70ba1c2d_0
| MD5 | f6b8c04c40657c720f5dace020c65fa3 |
| SHA1 | 4f7fdd403319912e763558befa3ca8772cd9690b |
| SHA256 | fae6fc5ce0b4575d9823fb2a30b341f47cbde13263ed16dbba72668fdbea78ad |
| SHA512 | 395d14ba7dd61070ca0930fddc2894cf50a44190d1b8dcec48667f3ab20bfcefb07c8148549fe9671939d6582a9ca92b635579f12bc64db0948d92f76dfc4971 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2
| MD5 | 802dc3898e04813167ef270f1adf3c55 |
| SHA1 | 03885da2d6b4a83b619c797a8d48f6288cc79cf6 |
| SHA256 | 474ef6f98193d29e81a73d37f6785ec393de0ef6fbe927f3b28ffff2eb3b5e86 |
| SHA512 | d14fcc1613c9f2757a7b2953c478fa44a4ee21a41b40bda5ac47b417f1062f00f179c5dbaf7ed4a6df0f90451c67e6216bf6ee884c5e0cb06e5f27cc70607749 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3
| MD5 | 69a850972c7d424e410608664a163fd2 |
| SHA1 | d19d8b80c36bc6b1a8f70f63a54a5e15d60544c4 |
| SHA256 | 4635d13be3ce718b407d72a4da6413f18321d34aaa91dcbac14e3b9cd4d19961 |
| SHA512 | bcecf2c4fb981f9bc3cf73c89ca593c051cca8e76aaa0ad21f2233403fdd36a3c1c3f05f350cfc360a92ea353b31edb7433f78f82ad17299a17c13fd805f0ccc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\967add3f532c1153_0
| MD5 | b99cae71dd454910f00f9470a927c9ba |
| SHA1 | 1a446f4a4b77a0201797d78bcd09e193bc08a106 |
| SHA256 | 31df3a9640670397fe9c68d879b25f8ef4673102800816ab7dbc73e2a460ae51 |
| SHA512 | 5def7fdeb1ab52d64a8ce3406cb8a6b7243da34a28d61308ea7aa93df9df2647e8d909f331ec07603d1cacda562f004549bc7c15536e89ffe5f4c134dac6aca8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8acdc6ed8c6be73_0
| MD5 | b43c72c20c3c14b695f74cb9520a9246 |
| SHA1 | 102a094d97d4ef309db99b2faa0a926e29062b72 |
| SHA256 | 16554d4a2da8def616e1de6f90b0a076c57dc5c666a004d77ec1a515d7474d65 |
| SHA512 | be1fd26a5a7eff3bdc98efb467c1f96f89a1a0154e92b0e84d6d180cf27290bb1abbffdffb45932c6b15d8fa41b392e2e09cfd8cc9200a647b65bef9d8cfb303 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5abbdf9f7cbb945_0
| MD5 | ef7b88f60af4893e4465d4dfadb85a01 |
| SHA1 | 0ea3b2a766e69d461653e388998dccf3de8b40fc |
| SHA256 | 6e096d4a88baf9acdccf24eec71e903e1ae764d6f70d9ff86358d208b0bee9b9 |
| SHA512 | e9f7ab8dec7bceb98c8c814ef8dd4f337fe121f42089c9c888cf3e3925b0f9fc8441e216177a87ef1c8fbae5c9387ce1569250bc372657fa18b55b47f1323ed0 |
memory/5292-3810-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ca
| MD5 | c15d33a9508923be839d315a999ab9c7 |
| SHA1 | d17f6e786a1464e13d4ec8e842f4eb121b103842 |
| SHA256 | 65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98 |
| SHA512 | 959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5
| MD5 | ef4af3c62d2e4ee270c2558e5f22117b |
| SHA1 | c0ffa5a685eeb067e3dbfa25a2c66f7af2ba3dc6 |
| SHA256 | 3092ed21a077656ebaf331dd3a2404336ba7aecc29f74bb49506d1cb905b2144 |
| SHA512 | 02b68ba6c14a94b044a4362a4a5a88d591552b330c3519fb365d937b4a31b24c72c1d1119da46c4851a0eb15c279bf237c3890c49dace4a409aeb4a13244572e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6a58b6c27d89a02_0
| MD5 | 3113b709f287e0f8242e282dcc6bd2f9 |
| SHA1 | 7e5460e81c1b3138af36fe946a95a6e017f5e41b |
| SHA256 | c0f6a93c0c7ce72435d13aeffa3facab939c16ac59c8effacd57f01e80b1df9a |
| SHA512 | a1ce169e5ee08f868ade55a1e875d3dcc9a700607cc8af58fc5411bcf49076e2591e493e49353f8323e634a9d9d842eada48ad9f4053862e69950aefed1d3a66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 30f0bf6945a7fa957b1041834ffd4721 |
| SHA1 | 9ce1ca86d3136923a7f853106bce5dc5ebe608ba |
| SHA256 | 8af1b889d03d3dc01019c12be8275a704d4f25a0a5700bbcc2b805b146713335 |
| SHA512 | d7d09b9a13a37ad695b4b1990ef6948616a85e3d9551cfa2f921c6be93cbea3778d17855f58626cec5bf01cb57a64a94c117f0326a5c1b4890e87495ca528ce2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 7909408a2a252cc28c5f4ee832d0e62a |
| SHA1 | 1b99c5d2f33384e7aec406481b7abc495cc30b59 |
| SHA256 | ac4849409b86eb9b490cb52f71024916292306137d6084937774c7966d8ef25b |
| SHA512 | df6dd2118220cd78faa6d5a93bee6fefe934dbe2da4ae30731a5937ccb465f7c8597dcc837cb2f90fa6c1dca09e06062e49a0a6aa55a40067b34009b7d95096b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1fb39168c677abb2_0
| MD5 | 3677cec789078d0dc3f0d3bd88aed1c4 |
| SHA1 | 2c4538c2e35bbb9609eb1e9d16c954fe42f2ec49 |
| SHA256 | a93e0200596865f364aee677e8586757fa8c5ab69b29054750576d28552ae685 |
| SHA512 | df4f36e71c5892ae5ac72580e7c8d1293ef8d4b106a2b689cdc70771dfcf2eb04a3090204683f517dd8606e70795e9031c12eb7e2b9f697531eb8fe7f3687eb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a93a5af80c0c9ac_0
| MD5 | d70810903bda713d4124d2e01cdf4cff |
| SHA1 | 1073d36aed5b5ad22591172d0e916cfeca8bf1d5 |
| SHA256 | d47b292d1008183e94bb50a823ca6ea2359c43f1a13b2b9e2c1b28d5019390dc |
| SHA512 | 7c5678bb9a99324a561daecc7832ea42d45ae80f6d8da35eb89b675cd34fe6bbfc3522695c5d31270d3d925c4a68dc1c5e858e356a236b077a8ae96a2f4644de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0128cb37c89caa0b_0
| MD5 | dbbe55ee9889a2bb603721bc2be717e1 |
| SHA1 | f507498285cac96343d41bc085384c8414e4321d |
| SHA256 | 5fbf9093160eee70702afb5906e8b20d44177491f6e799d9110eab60f7f9f14d |
| SHA512 | 835aaa98ef3540d66fcf1e5b27bc07aaf3199383f9ce02c191d5f2efaec5727997782ca18aa6ade8ea9ba38a79c0a3cfb4b1731dab4dee3d1213826ec100fbf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc2f0fedd3e9608a_0
| MD5 | cf30bbc87737fae4d03dfab917093c40 |
| SHA1 | b04151760596e27eeb7e3fa05a00e01b7ff81df4 |
| SHA256 | 99f4fd77bf284bb50899e58d16bff14d1bd19766286a5578dce0a2f34049b895 |
| SHA512 | 26f37153ab6e91362e08a1e26a2a190dc41ed23433318f6610c361b7c7f3e8475423e4557d276404bf6d86ffa53757fcc94322a0a28be2d0bd596eadec3d3f71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5be1c88c17c9dbbe_0
| MD5 | 3fcadd0542387a28ae016fd5b3e4d8e5 |
| SHA1 | ee61fa1622061e3dbeadc3deeb280657a93f4994 |
| SHA256 | 23a4be0fc8078cdc224c2d8e8914af75cb60089785b9825239e51d8fd2b59b2a |
| SHA512 | 1a089f870a3cbe63fe9473601573f7079cecc3d97e6d58215d8a7f76d11811af7fda798da9fbd316bb154aa8706e2f9e9458c5a3a1ad607d082bd2ce8611a7d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | adb98861d8a3cf6e177e2a2051aa0985 |
| SHA1 | 83c0c2646ed349bcd7ced0dc346809a795a787cb |
| SHA256 | 1db5454f5d8944cb16a132d23e126fe21900275153bca7e4256de82ca2b9a9ed |
| SHA512 | c45ee6638f9c79798001e6908640904548a5806174fc1a60a10c487527d86f1a3d0502c733f9b978757127b6053b636b488b7849ceaf583d75cf865a185de8bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 14b505aeae21b5a96d4c743fd124e350 |
| SHA1 | 84bf415b7bb9a2557f003d7bb87b707845adb027 |
| SHA256 | 38036ca2197fc134320f3b3bac7ab1561c77a5bcf460b82ea0f9ee580979c3e4 |
| SHA512 | 16d2c77f1acc5f37a4173b6bae8da5c062ef8a8ec9dc6669640804b3e7625a028769da30a448391789d721cedd43bfa6a19cb0043f93d796839a9bae4fe99483 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 14dda26709087d97448be3128715a21a |
| SHA1 | a4e07fb74cc46a28fa69a7513db4f51d5cd38280 |
| SHA256 | f3aa8acb5900f7536285e1fd1aa91663c2891c70dbbdb58c0dc6baf8e1a332aa |
| SHA512 | 8281d0cbb581ac3fcdbbc178d38db458d580342fbd6db9780b38587fa297bb056301e89ec785976b234d0c2bb9a0e71b439344fa9e9744eb8ed6179694b7e8f3 |
C:\Users\Admin\Downloads\Jigsaw-Ransomware-master.zip
| MD5 | 5596fd854875bee824de61ed8c6508a9 |
| SHA1 | 11ccd44a1ddf182dbf16137ec270e760be37c433 |
| SHA256 | ef0e14a9813a9bda9808bebd309d82348d03ef94913932694bc52581c8de94a8 |
| SHA512 | dfeaa43bb0b0409e15d91dcf8b9e943c45ba233a84ae1e4d805c9f025e74fbc18daa53f1484420cbff92280165bec49a8efc61a33d049356f38954f9bed1a18e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | be9601af5ce46a2382c29280bca3653d |
| SHA1 | 6f9aef0e90e5295644f1d397d06d98e35eb893c8 |
| SHA256 | ecbabd9233a0a4271342c5c44d1fc667c6bd7a8433a95c454d0c067ba7633ca5 |
| SHA512 | c5d0510046681cabbf108c5cdc326a2abca12b4a1be4e1768a1e81f5abcedbdec2f191de140995dee16601ef369d2f443cf76583964b19409e80eedb96d68b06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 114cdf338836579dd0313995e967fc33 |
| SHA1 | 0b794d7c997eb9656d1f19e75849be53a16677c2 |
| SHA256 | 3c75e96ccdc3c724a23b47ad386eba600ff9d9f7e5a7a37bbd648a7f5edc66dd |
| SHA512 | 8d6f0014d9e8984ad3103849e83228d9b4cc2db19c9a124dff1fcb8ec09a8a2e3baf09453cf96394cc5071cde647cc45153b2b51534d98b8fc12d104d93a940d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 526168c4e866283ecaf09d55e2729beb |
| SHA1 | fa5ffd85ff0ad4710bd575f6c4e9e4df41cc53fa |
| SHA256 | 1112437c291d680d40b1177e721a1b840d6d5799c79af34ff8f65f84deef9f29 |
| SHA512 | 4e11186b80d91cb0f3e83a91d4a5b1007ae681c32ab0530fefc9e0356baeb2c17d8da5a7c130dbb1fcd57abc7d56e68b508540cc6b910dc5d2754d541a26c2ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2206729e262458c8ec28f7efbe2be2c2 |
| SHA1 | 2037c1bc603ccca987525609b1cfbc9e094ff336 |
| SHA256 | 6a1dba1e0876a139b55be9f24de6310c1a079b66ae87e570af5addce64347d03 |
| SHA512 | afd106b1ff235c2f857fd51eecc81755c4e59cb183abc254b7bbe231cf7a9bd8b4f7db8065c823131feb7e69425e3550f0791e04b7f6eb7e18f9d7f9ae5476b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0
| MD5 | aedd24f1739f64dc909aa61eea865f45 |
| SHA1 | 9f0997b4a61f9fe7bba4afca6ddd3e1de2e8fa58 |
| SHA256 | fa3af53e574159315769e61e2eba163e38593e49812b2e8b9e7593e8488f2ba6 |
| SHA512 | 5ea40adc5140bdb1b11c2e289f3668140554811cee527cf152b381b3b304bca8f988d805d594cd1b8ae4ffcb5993c04f0f143b2317a6a7f64a36b158ba454579 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd25918e0ef5054a_0
| MD5 | 4de9deef8173f057ef18488497b606d7 |
| SHA1 | 9878a35fa53df3ed3be17bfa657e1a684911dbbd |
| SHA256 | 5cf41eda374442ec17cffd24a3e902cda88decb962887b92ec276ff60473040c |
| SHA512 | 567325bbf4be516e262f3684118b824a12b416ec0cbae37be62542ffa95fa730e5667f14ea18ef6e48a00ad35e5d5f0e2027d1fc0e48bd37b8c00d91c44287b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c04e4641c88f6060_0
| MD5 | 168de1ba103c38589aa56d429a776acc |
| SHA1 | 34a792ce8db89c7608eb2a8869d4c2738278ad19 |
| SHA256 | b793f72f83a07df88de7efa1492100baf01ddc95a921f444950260352a2a1f15 |
| SHA512 | b701a4f8d68bcef81981efaa53694ef12db2cb41960e2e540f85dda1977c8f744967608b55210b5df2f634b6b077fa5e2165294c6daeedae87ce18117da6eb92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\968677dc5e6373c4_0
| MD5 | e0f7ad30756d4febfdd6bc892b14f017 |
| SHA1 | de57dae21aece63757b6f9fa50069748544f49ee |
| SHA256 | 4aa2070c9ce43f909a0b4f15d5536250fc9c7346c9440e7b29339b40939284bc |
| SHA512 | 7adf93771847aee15c599bfbadc33242a231115492abb70ef69a57f190d357a0546caed8565fa5ebc5837ab0d839ecc7c2487ba1ce264525d8c38d9902f0d0c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6f52754e0224cb3_0
| MD5 | 98a6f91408502d6a404fdb342bfdb99d |
| SHA1 | 6ec35871fd34aae5e1d749be7e04807465d23320 |
| SHA256 | 25164be035c806d6f90b04434fd437028502f695ab750348ca81f001c737693a |
| SHA512 | cb8dfc127663030b26e52eaf912a5ad971e5f70f0e1825fcc5b8cee04d6e2b9dc06995fe87b16d7b5300cbb51548222c3070533567811608bba7d13479c3cc0a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0e23fdc5797df16d5f01efa47ae33499 |
| SHA1 | ef645f7543bb14c36053b2d428aa04ca383b6763 |
| SHA256 | e09e345dfc2d8ddbb6edafebeaf9cd99cfa383e4794454e4461d3754e0ed1676 |
| SHA512 | ba306d82d43a93535470bc8dfdd95bc248bb0f161dabc2674296016ad58d4ac14f884ef8d03433b90dadba061a45d63dfa8193130655aaa2b8fac619d9f063f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7653242f1c0e8cf4ae3a60487c82e6e4 |
| SHA1 | a9028b99afae90ad870862a9a324a2f1335c350d |
| SHA256 | 9d455fc9affd92c4c692ff35c3abde4e47ea206171180edefdb672fc798c2c55 |
| SHA512 | 899eee6ac6f81560f3351b966e45c8cd18b2128850946d690397620bea9f3b18f9b1e42596d8630e42c4a35e3ce9d84404a6617255f78ad7c7f7ce530b572720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c527d65e1ed3a680c29d40995a35b171 |
| SHA1 | 1acfa3239d6fc0ad1057b2c36a611b0af04b0c65 |
| SHA256 | 12b0f627e407b66ac26bc279e5027db4b890ab6d79cba3c00d581ad1f5063e72 |
| SHA512 | dc5ab52f9cb88e54e1e0060fda6cfe11500e18c8d844225b7b5b11acf53df21f5a4adadce9882cd3358de80d30ddbdafdee4b924212f3f02efed44e75185245d |
C:\Users\Admin\Downloads\Bonzi.zip
| MD5 | 65259c11e1ff8d040f9ec58524a47f02 |
| SHA1 | 2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd |
| SHA256 | 755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42 |
| SHA512 | 37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f78f7571ef4334d01e6625a1e787248e |
| SHA1 | 7a9b9345ff3bfdb0647da39146962c13e4a96468 |
| SHA256 | 8dca319cbb388c2748dd5f850942a2053ccd115575ed75c255bcb5b4244bec7b |
| SHA512 | f8d2f3a7c7308c265ff1f6697f98a72ba0ab08b71761e6596da0d17b15f96304cc21fece001a60401491116b69df89ab23f92c4d3e0945dec2685ff0bc24789f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ee9841c6636d26c1ace7aa50edc300e |
| SHA1 | b34b823db83aaa2dc675f3d24d58209453ecf549 |
| SHA256 | f6a15483929566fda0b6e47ab55cec0727f0ed690dd6218e41bfd8082a925e9e |
| SHA512 | ef9be12312a94078c6afcead9049c946c97be4edb8b3cf2f1f9698f402eb02dce51792d2faf1b2cd683f02219024a0cbb4f90ed5ff1c68b2bb0f824b2e32b538 |
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | 8e15b605349e149d4385675afff04ebf |
| SHA1 | f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b |
| SHA256 | 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee |
| SHA512 | 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 596cb5d019dec2c57cda897287895614 |
| SHA1 | 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa |
| SHA256 | e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff |
| SHA512 | 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20 |
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
| MD5 | 7c8328586cdff4481b7f3d14659150ae |
| SHA1 | b55ffa83c7d4323a08ea5fabf5e1c93666fead5c |
| SHA256 | 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc |
| SHA512 | aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d |
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
| MD5 | 4f398982d0c53a7b4d12ae83d5955cce |
| SHA1 | 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc |
| SHA256 | fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2 |
| SHA512 | 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913 |
C:\Windows\msagent\chars\Peedy.acs
| MD5 | 49654a47fadfd39414ddc654da7e3879 |
| SHA1 | 9248c10cef8b54a1d8665dfc6067253b507b73ad |
| SHA256 | b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5 |
| SHA512 | fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
| MD5 | 94e0d650dcf3be9ab9ea5f8554bdcb9d |
| SHA1 | 21e38207f5dee33152e3a61e64b88d3c5066bf49 |
| SHA256 | 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e |
| SHA512 | 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
| MD5 | 108fd5475c19f16c28068f67fc80f305 |
| SHA1 | 4e1980ba338133a6fadd5fda4ffe6d4e8a039033 |
| SHA256 | 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b |
| SHA512 | 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
| MD5 | e8f52918072e96bb5f4c573dbb76d74f |
| SHA1 | ba0a89ed469de5e36bd4576591ee94db2c7f8909 |
| SHA256 | 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82 |
| SHA512 | d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f |
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
| MD5 | b3b7f6b0fb38fc4aa08f0559e42305a2 |
| SHA1 | a66542f84ece3b2481c43cd4c08484dc32688eaf |
| SHA256 | 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b |
| SHA512 | 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
| MD5 | 8a30bd00d45a659e6e393915e5aef701 |
| SHA1 | b00c31de44328dd71a70f0c8e123b56934edc755 |
| SHA256 | 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a |
| SHA512 | daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
| MD5 | 73feeab1c303db39cbe35672ae049911 |
| SHA1 | c14ce70e1b3530811a8c363d246eb43fc77b656c |
| SHA256 | 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8 |
| SHA512 | 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153 |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
| MD5 | 578bebe744818e3a66c506610b99d6c3 |
| SHA1 | af2bc75a6037a4581979d89431bd3f7c0f0f1b1f |
| SHA256 | 465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71 |
| SHA512 | d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36 |
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
| MD5 | 3d225d8435666c14addf17c14806c355 |
| SHA1 | 262a951a98dd9429558ed35f423babe1a6cce094 |
| SHA256 | 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877 |
| SHA512 | 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1 |
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
| MD5 | 66551c972574f86087032467aa6febb4 |
| SHA1 | 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9 |
| SHA256 | 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b |
| SHA512 | 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089 |
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
| MD5 | 12c2755d14b2e51a4bb5cbdfc22ecb11 |
| SHA1 | 33f0f5962dbe0e518fe101fa985158d760f01df1 |
| SHA256 | 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf |
| SHA512 | 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf |
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
| MD5 | 7bec181a21753498b6bd001c42a42722 |
| SHA1 | 3249f233657dc66632c0539c47895bfcee5770cc |
| SHA256 | 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31 |
| SHA512 | d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc |
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
| MD5 | 9484c04258830aa3c2f2a70eb041414c |
| SHA1 | b242a4fb0e9dcf14cb51dc36027baff9a79cb823 |
| SHA256 | bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 |
| SHA512 | 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0 |
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
| MD5 | 32ff40a65ab92beb59102b5eaa083907 |
| SHA1 | af2824feb55fb10ec14ebd604809a0d424d49442 |
| SHA256 | 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42 |
| SHA512 | 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43 |
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
| MD5 | 48c35ed0a09855b29d43f11485f8423b |
| SHA1 | 46716282cc5e0f66cb96057e165fa4d8d60fbae2 |
| SHA256 | 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008 |
| SHA512 | 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99 |
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
| MD5 | ce9216b52ded7e6fc63a50584b55a9b3 |
| SHA1 | 27bb8882b228725e2a3793b4b4da3e154d6bb2ea |
| SHA256 | 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13 |
| SHA512 | 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7 |
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
| MD5 | 97ffaf46f04982c4bdb8464397ba2a23 |
| SHA1 | f32e89d9651fd6e3af4844fd7616a7f263dc5510 |
| SHA256 | 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1 |
| SHA512 | 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002 |
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
| MD5 | 7303efb737685169328287a7e9449ab7 |
| SHA1 | 47bfe724a9f71d40b5e56811ec2c688c944f3ce7 |
| SHA256 | 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be |
| SHA512 | e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
| MD5 | 4877f2ce2833f1356ae3b534fce1b5e3 |
| SHA1 | 7365c9ef5997324b73b1ff0ea67375a328a9646a |
| SHA256 | 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff |
| SHA512 | dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
memory/2248-5631-0x0000000000400000-0x0000000000424000-memory.dmp
memory/2248-5632-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | a8ed45f8bfdc5303b7b52ae2cce03a14 |
| SHA1 | fb9bee69ef99797ac15ba4d8a57988754f2c0c6b |
| SHA256 | 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b |
| SHA512 | 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a619d4f982f5d42_0
| MD5 | 9e232072950ddc8bfcf887abf366619e |
| SHA1 | 344949a419a8d2ef554d21565422c2ddee35d7e6 |
| SHA256 | bc870b02be0790cb659d4de66ffff69de06a1cf7f35345e7ea26b5600e2efc51 |
| SHA512 | 4952c74b5a381bd23a4f013274e013bd85e8327cb5864635374f8beafb89f7981d9dc73be55835ffda9a129603802e00e5c58c872b6f2d7abdb46bef9d89e048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f12e0fb1e010af90_0
| MD5 | a50855961e13b04029ec6836d6c407d6 |
| SHA1 | 69f61db21fe7f0be18b3f1f05d60bbcc2f34eed7 |
| SHA256 | b61e80b9f4722f2bcae3837d62ef4043420297922c51d0c7b01e8adf7f128404 |
| SHA512 | 6faff66cb932de0d8fcde6780faccbb3e7e0fb7588b8d0d5f0be0d6f00425b761eac21a00656516b4b00b8661cc902b0cf080652a1d4f24537a0f2082dc86567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53205359a4035ca2_0
| MD5 | 4c5d8c2f1d0c6cf4e4742fbda0318045 |
| SHA1 | a2daadaf1bb2257077a2d71763f1cc6bdc481d27 |
| SHA256 | b5469037155750459360429ed327eb021fe4535e0c8e9810b5e5ce8df4795bbe |
| SHA512 | e557ff6f5dfd5171768991c41cc39f56e22c2814136b4dc690c17e1823bed46a69bcbfa092af81b343c6ae495740992943ba5c591cceba5c672de2accd79332e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 923cf4e96db2a33c160dbada8836cc11 |
| SHA1 | 6d083eb4ada6c293aff0d0c205dea209db3b4a76 |
| SHA256 | d654bcad2b6581474389fb7061100953b7dc782f6c6cc936ad2abfa064ab7e57 |
| SHA512 | 4a9e3a41a359bf386e1f7a5f91028498191db1d2b5477f8a3010f8aae72fb519625b64a89ed52a8c68136d0d41dddc91ed2b34955f89d5a6ad7826672e526415 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0c780cd8de42ca9967e5b7993bc05356 |
| SHA1 | 73fcb52c59398635052abf29c79db4db88cceeb9 |
| SHA256 | 5e2d45f523549a6f9889c8bf599fa24784fe12308d9cc9b74807b92fbd493b3b |
| SHA512 | 547f16d9c68668951e4e5650d18433d304b81319acfec5f1a7acc86060ab252d0768db01f2d355c8c6b0a1e0347fcc58ccd5f38431116af859b73920d26c2505 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 405dff0fdfb7e6d5f5933c5bbaa0e804 |
| SHA1 | 6517ce38fd16de85d185069362938067ccd2cffb |
| SHA256 | 096829368b76a307ef1e29094e2845240c4b11d2409c7b9925b00d11f8ec1323 |
| SHA512 | f1960232ebcb885992568c2866182ea4973f82fc0ae51a30e9da8e6c39e6a665d8334653566bbf9f3f6f95b64dd955cc5bd432c64f96c333ce766f5530e90f7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d6c79cff003404199e8c1560f99bb88e |
| SHA1 | ecb189331bc32ad165458543b930e7150deaacef |
| SHA256 | bf8c2563117f6a37ff8532a9b322d43a34eef6c3e69316522f765960971249a0 |
| SHA512 | b7445fde25f4736656be94272de90f3bf3f15ed03203613a8fe3069ffea7d5141999b8029d6fc5c079de3dff2f9b7a200bca41168cb476586862a68e09a2e63f |
C:\Users\Admin\Downloads\Unconfirmed 112887.crdownload
| MD5 | c8e32f0602bda31acb632ea0f2bbdc36 |
| SHA1 | 56e2f0d633b34bfba873860555bfea489f1bdecd |
| SHA256 | dcdc1db43bea00904247bd3a95ae6ce2f7eea093969be22f76c151c56422031b |
| SHA512 | ba68d8006af36e4bfc127ed8c497d7592ce174fd7eb3013f2d08667247058895f7a9a7e62e3646f36db3719f3b89326998a8627a3ea033692b0416a651f3f3a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011e
| MD5 | 4b4947c20d0989be322a003596b94bdc |
| SHA1 | f24db7a83eb52ecbd99c35c2af513e85a5a06dda |
| SHA256 | 96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180 |
| SHA512 | 2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000121
| MD5 | 668b709219a3bc003ac35038ad55daa8 |
| SHA1 | 65d4bd0e7a79f6717d00656d3774c9cddce8c536 |
| SHA256 | 075482464634359e34d7d49320b08882ce1f8c742904910caddcae0db6d86989 |
| SHA512 | 6bf60d57cd41c555f4f2a205994690882d44da5617de36a144219983f71f6e06112d15816b138cbd7bd37b29b9802f009c3503204c7e2b8b0354b3b3ac16b941 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011d
| MD5 | 8d1ef1b5e990728dc58e4540990abb3c |
| SHA1 | 79528be717f3be27ac2ff928512f21044273de31 |
| SHA256 | 3bdb20d0034f62ebaa1b4f32de53ea7b5fd1a631923439ab0a24a31bccde86d9 |
| SHA512 | cd425e0469fdba5e508d08100c2e533ef095eeacf068f16b508b3467684a784755b1944b55eb054bbd21201ba4ce6247f459cc414029c7b0eb44bdb58c33ff14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000124
| MD5 | 063fe934b18300c766e7279114db4b67 |
| SHA1 | d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd |
| SHA256 | 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e |
| SHA512 | 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000125
| MD5 | 9ddefb34cdc7433e68d58cfc54afd013 |
| SHA1 | 2a74522efe35efe4956828eb2172a4f9a0e7499e |
| SHA256 | a198b75825125d7755c874913ec2305b557810db78fc3ffabc6ed85b2fedf079 |
| SHA512 | 7b27c3e6dd1653e1d526f1c070906f119816cfab7dcddd6f12e5367a652713a08c20c9e709f121893d7c2044eb60aa87fbf3dbb1533638e576819473ca469700 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000123
| MD5 | d07f175cbd2c52604838bcbd34bf7386 |
| SHA1 | 1e32ac6ef3b42b664a681867b8243ac04a1d07fa |
| SHA256 | 0e733fc8c782ac8a05936c392d72e3079f49dc348019a84103184efd011d8f45 |
| SHA512 | 8ccd985d4100190e76e1443a1bb4a5b1783d1318200ad51a0ed7ef675ba0e8a4e7f6ba16268240ab86d6e38b9d8b26136ab297672889f6a415fbf11132819973 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000122
| MD5 | 382e5a265d13d3280b41f54973289ab3 |
| SHA1 | e36e2cadb13183bc03fa209b8bceae3384dbb0c4 |
| SHA256 | 827c580a692dc92d7ae2d2d6acb946352dc61cf7676e27b796548cf793161463 |
| SHA512 | 1b7b50d939d9db580800fe556149107fb4e062d28fdad79b8481af8e713731a1671e6a8a52f966bab82fc13b7a41fdaa225e133e66aef616048b39beccdad251 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000120
| MD5 | 8b2813296f6e3577e9ac2eb518ac437e |
| SHA1 | 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86 |
| SHA256 | befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d |
| SHA512 | a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011f
| MD5 | bcf8a9566c19c82f4bdb43f53a912bab |
| SHA1 | aedbcfb45eed11b7ad362b53ff32bacec9f932ee |
| SHA256 | 52c97dd2602b4d9ac70b61c3dd9b0f9869c5c211e2a4b52e94eda5e150349ae7 |
| SHA512 | cfec8603b3eecc261735ddb3d9f292f47e5e34761d73c33b8a1fa1efcf8e07b9b5595a28eac3b238842cf1f63a155b0376840f42ab22ad3186390bcfbc62adfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011c
| MD5 | 657ed1b9ac0c74717ea560e6c23eae3e |
| SHA1 | 6d20c145f3aff13693c61aaac2efbc93066476ef |
| SHA256 | ff95275ab9f5eadda334244325d601245c05592144758c1015d67554af125570 |
| SHA512 | 60b6682071ade61ae76eed2fe8fa702963c04261bd179c29eed391184d40dc376136d3346b3809b05c44fb59f31b0e9ab95f1e6b19e735234d1f0613720e532f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000127
| MD5 | 2f3c7b5f9221520efbdb40dc21658819 |
| SHA1 | df12f010d51fe1214d9aca86b0b95fa5832af5fd |
| SHA256 | 3ba36c441b5843537507d844eca311044121e3bb7a5a60492a71828c183b9e99 |
| SHA512 | d9ed3dccd44e05a7fde2b48c8428057345022a3bcea32b5bdd42b1595e7d6d55f2018a2d444e82380b887726377ab68fa119027c24ac1dadc50d7918cc123d7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000128
| MD5 | bc4836b104a72b46dcfc30b7164850f8 |
| SHA1 | 390981a02ebaac911f5119d0fbca40838387b005 |
| SHA256 | 0e0b0894faf2fc17d516cb2de5955e1f3ae4d5a8f149a5ab43c4e4c367a85929 |
| SHA512 | e96421dd2903edea7745971364f8913c2d6754138f516e97c758556a2c6a276ba198cdfa86eb26fe24a39259faff073d47ef995a82667fa7dee7b84f1c76c2b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 465154e5897ba91c3a4046e5136418f2 |
| SHA1 | 02e82a820e7a49160b1b2031c1bab6a85e45a663 |
| SHA256 | 4c2c619aa792142780da9816503e93c170b57b34fa22464dc8bdc29e2a1c7246 |
| SHA512 | 2507ae3cb0531740191f033e61d57d63959111f567281f7659c01a436efb6a9e402cea794f3a5d12af3776b90d67a823bf47bc04d597e97b3c954ff5e2dd32d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ca84de97365ea47d77590f01becfc9d |
| SHA1 | cd85b5e4773c09610e84ec6ccbbc6abe3ce11ab0 |
| SHA256 | 10e08aae28f7ea2c13fd38f5ae80a5e97bc8faae7b8715cc1007ca4dae56ef07 |
| SHA512 | 2170efe216044f37169569283138c734a9b153d1812b3645ea63868ae59e66262e59096741dfeb3e27c6242b4af1d2f3fc1c3277bbd9f5c2ddd71c13a0cb23f4 |
C:\Users\Admin\Downloads\I_LOVE_YOU-Virus-master.zip
| MD5 | c2a96fbc27d47ae5512b4c6a1be74226 |
| SHA1 | 166e20e1389b78a845a608357f13f428c32f0c96 |
| SHA256 | 6a420231c21a7ebd4a72c3c8a2860b73a4b275443be5e82c4c7de01935b72ecc |
| SHA512 | 2429fdcfb069193fee4d810edb55dd9000465866f8a75e6c4c19766bc7241d2d92d1ec4fbdc9e072d00ad7eacc079fea8744df2517b69683359b55aa61b10ffc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fcd52fbe7c6d4223f5dc1125df16d242 |
| SHA1 | e9c8a412d90bcb9c38c3b4be6ab7994ede50e774 |
| SHA256 | 225924e5368ac2aede72bfec449c35d8a0b742f2c495346c9971c9a3a5477bb2 |
| SHA512 | f538afa9c0e511a568245b96bd0a331b98ee0962cf2a71b55c6a8dc0a665cf14efc958196bf5727512a973846a90cb4eafbab6062de4d33bba2be261692b23ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 622a56a5e307febfb2bf55e9ad805c26 |
| SHA1 | 5d959ff1efcaa203ab4559f45df7746fd5d81181 |
| SHA256 | 4bb08f0151d45f34faaaff21f292623751d6b1f744be7b33ef3dfb2c9c676df5 |
| SHA512 | 377cd73aad9a7b6e7f5934a97b0ccbf241d4642d9171ae3b447a41c7c589c8cc6c23451e83240f3f9cdc2ceb6083443e736b9d632232eb0703cb6da7e52f5784 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f82389902e607a6128d3aa3c8d0b8dfe |
| SHA1 | 55289e7e992f5bfc8a939d26b76c9fb0a8aa5fef |
| SHA256 | 8c7ca864bdda8dd42d7f3def32ff94c2c97c84dafe766abf2566c262c9c01d3b |
| SHA512 | cc68c75debd4343e9ac620b0592ef21c5e6e87a0e88d17d591f936b3d7076b886007507b21a7efe574596d614b36141678156f4355eda5949a5dc77397392c95 |
C:\Users\Admin\Downloads\WannaCry-main.zip
| MD5 | 3c7861d067e5409eae5c08fd28a5bea2 |
| SHA1 | 44e4b61278544a6a7b8094a0615d3339a8e75259 |
| SHA256 | 07ecdced8cf2436c0bc886ee1e49ee4b8880a228aa173220103f35c535305635 |
| SHA512 | c2968e30212707acf8a146b25bb29c9f5d779792df88582b03431a0034dc82599f58d61fc9494324cc06873e5943f8c29bffd0272ca682d13c0bb10482d79fc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 65b7bc8f371119dbddef2ab4a7c2233a |
| SHA1 | 1d94c9050d6eb8656a0add85e2abeb8da5d1638e |
| SHA256 | d15c52a1294e2a51b46d84d594da444b736679ff4e996c5fb0543989a8b245b5 |
| SHA512 | 7ab134b2776b1fa955e0dd8907870d698f9e98a478ea7db780387eba350cbb70d736aff7eaef6a3db647516d577b8e8a7812c72c4d69ae104778d01501b57500 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ac312ead9a4fc3b33763442ccff5954 |
| SHA1 | 8d008ac597fd025beec4c8e36969b87236bd6404 |
| SHA256 | e95dc9612555133333523f4d1fa6bf48e86d0803e53f4873d8fbf98cc5243e2b |
| SHA512 | 3d492cec52c77f086447490055384b508a2414942c77b8de9862cf51807c2190dec68fd7c2c6f38278396e997f90b7d4f2877e7103250595d5276a9a5d9de763 |
C:\Users\Admin\Desktop\WannaCry-main\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/6044-6559-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Desktop\WannaCry-main\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Desktop\WannaCry-main\@[email protected]
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\Users\Admin\Desktop\I_LOVE_YOU-Virus-master\@[email protected]
| MD5 | 5ec73793d8844d4e952878cbbf474b25 |
| SHA1 | 002f67a53a1bf0a543e857778d28857b72a9372d |
| SHA256 | 5d42c551e15624a6715baf06bec3e8bf315d74c9b3b702d81d90fe85fdd5570a |
| SHA512 | 1924078999c8deaeb2fc6fbde693269f42460ad2f6ccffd318405af6090326c3ddc957c45ae74272b8ba04d6218c869eddcf22b46378503839e83c58d490302b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 39ff88ec670bed0e3ea1a49017ed17a8 |
| SHA1 | 6730f8ebdf16c5e614e10b9f08b83d92f4ef25db |
| SHA256 | 822501060141852bc7b225c017fde33229c42d05cabef20c23be184767525416 |
| SHA512 | 2e104fc1e7b171913fddac6faac9ca9ad49930ba37464f61a882de094233674dd670382de3cd6cf9be7806e4a0c16327dd007766dbcb938bbbfe4119f94ca4bc |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Desktop\WannaCry-main\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/4180-8031-0x0000000073910000-0x0000000073992000-memory.dmp
memory/4180-8033-0x0000000073910000-0x0000000073992000-memory.dmp
memory/4180-8035-0x00000000739C0000-0x0000000073BDC000-memory.dmp
memory/4180-8036-0x00000000737D0000-0x00000000737F2000-memory.dmp
memory/4180-8034-0x0000000073800000-0x0000000073882000-memory.dmp
memory/4180-8032-0x00000000739C0000-0x0000000073BDC000-memory.dmp
memory/4180-8037-0x00000000008F0000-0x0000000000BEE000-memory.dmp
memory/4180-8038-0x00000000008F0000-0x0000000000BEE000-memory.dmp
memory/4180-8050-0x00000000008F0000-0x0000000000BEE000-memory.dmp
memory/4180-8051-0x00000000739C0000-0x0000000073BDC000-memory.dmp
memory/4180-8056-0x0000000073800000-0x0000000073882000-memory.dmp
memory/4180-8055-0x00000000737D0000-0x00000000737F2000-memory.dmp
memory/4180-8054-0x0000000073890000-0x0000000073907000-memory.dmp
memory/4180-8053-0x00000000739A0000-0x00000000739BC000-memory.dmp
memory/4180-8052-0x0000000073910000-0x0000000073992000-memory.dmp
memory/4180-8060-0x00000000008F0000-0x0000000000BEE000-memory.dmp
memory/4180-8067-0x00000000008F0000-0x0000000000BEE000-memory.dmp
memory/4180-8081-0x00000000008F0000-0x0000000000BEE000-memory.dmp
memory/4180-8082-0x00000000739C0000-0x0000000073BDC000-memory.dmp
memory/4180-8098-0x00000000008F0000-0x0000000000BEE000-memory.dmp
memory/4180-8123-0x00000000739C0000-0x0000000073BDC000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-21 12:37
Reported
2024-02-21 13:07
Platform
win11-20240214-en
Max time kernel
1772s
Max time network
1771s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-664403437-228026989-2547995067-1000\{52D5B350-CB19-4CBE-B84F-A51319A03A74} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe55933cb8,0x7ffe55933cc8,0x7ffe55933cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2676671069478956925,14442639698220407563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3800 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 162.159.135.234:443 | remote-auth-gateway.discord.gg | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 162.159.135.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.135.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.136.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.136.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.136.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.130.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.130.234:443 | remote-auth-gateway.discord.gg | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3ac94e49addbb0b2b78b1cc0c4fdc41a |
| SHA1 | 41dda9076097a81d24a814805f80979eb5736a72 |
| SHA256 | 259e79a3a5696dd704f943a3146b6622715c38d269751ea5b90c4858aeecaec5 |
| SHA512 | 9890dd31736bf96b3669a9ba135e029d02a0245e31795f71f15bdb79066e95f8d43233643a78e1a36780b6983d88a5a82f71a07eb91133d9319c014e935fc9fa |
\??\pipe\LOCAL\crashpad_2628_BKQOKMPFWSJFFXXG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff61205747dfaa5771788edf8a783973 |
| SHA1 | f74f0fd0bafbfb23868babb58e76179a6096d480 |
| SHA256 | eb1440ddca5d185ba59e17b34df6ca63a6a18a815c6b772c6da7dcb89694b5e0 |
| SHA512 | 9dd859be26d5df0db2301dbcff35f897e023e436a86eaa70b614f91b134261fca93d02d925d03c52536d4d03a6abbdcd7feba8e77c6edaa681c704ff9357b879 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e235e107c329156e0f83ef58f4f82cbd |
| SHA1 | 8e7ae2d6ec74a3a2ba1f1f943f08b3d0c529d336 |
| SHA256 | 15da98c4d24b33bc536ab51dee97cef735e0822152a6997242b1de58f3f0c012 |
| SHA512 | 6d143fcfe82bf4d1698deca90e2b8a14a3c142b58b856f7c34a6ce05264ac8e6610c11bb20b6d82d4d59c20942b3d5f379769dc1d0b3c9c801cde14583697e6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4411876cea58b5dc7c73d34e9e730832 |
| SHA1 | dff6ebcaf8aba69e162215540c08baee615a42fc |
| SHA256 | 1e13a7aeaadc8fc07be4be35062c7c7361d53d921d51dd6666f41193c75f5013 |
| SHA512 | 9b159c239709892c691621de700ce455673c7bf9ad08260a9d050b9d182eb03b8c5ff44142dd2f69dcf87ae3a0b2bea5469c1f731be41e785a39b6b72d63fa72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 0ee370fd0b36aa248467fe639b6efd62 |
| SHA1 | 8d05ed1594e797f3b884c0640b394305cca30521 |
| SHA256 | 7546533b63e8d119b7d4d58459a88b1bfeb060128844de5ffa9a2800a07505ba |
| SHA512 | 9f36083d5068d2b293bd459c8a03e7d79b1f005f7386dccd2df7599b8f94875bfb7bec715e8141d02dbcd92043c8dc621493939cae7bdfa96763927487bc261c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e55c4d53af0ee72a91846bcfd4da84ed |
| SHA1 | bf9ff3c091dcf8b336f6b48dc738b1bc6ff6f04f |
| SHA256 | 18e78925e8bfb331340082fc3c39bcf7545f731a4460732dc6995ab20a945707 |
| SHA512 | 19962a443b8537cfdf49a8894da06f5b1ddee230e75359e90ccd7b7734c266d5b75a2167f02912978c2882f8954d4c5be5bc7c6fa6e4bf5872e9a726b9d6b430 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 42ec8b664014a8dc5354f8c700764ae4 |
| SHA1 | f6ab63f2df4e3558f09903cd08823906e4c5938b |
| SHA256 | 20c019120233c1731aec4455f9728d75b9d7735d95b8368ef6dd1ec9761bc032 |
| SHA512 | 10018b2f7cb9a41688460066aecad8fdfac6ffa17793371baca71591799652f4a6baaf5f1fa072ceccd53c4806be22a8d6c632eb4d32c3da3475a8aee582d905 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c88a3bc77002a075b95198522f195432 |
| SHA1 | dd6ff073c9b7fa86d1a461013165a7251443e777 |
| SHA256 | 8f8c6061b94669fcf151b9f8f1c979a33ad38d597be893f375bff44ad1b3556d |
| SHA512 | e3facaf13afeab1a90a5c15f31288611e7af177fed3e4474aefee3560c5e1129579ea74857f5a3845b8f04c117e6c5af45c87df5d0b003e1259d918b7b0dff1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ca372cc987691f199a841d05f8e66d34 |
| SHA1 | 879d26221f8cf69e8bb681a8119825baabc5b564 |
| SHA256 | dd90457b4d6591200df77155a0771da86154ea9854d6514c3a86a561f1108a25 |
| SHA512 | 3fd846f86358edb7a213fb954f9e460fc81b7c9b6fb9284215ec4b8ff16212d027acda7ee2f8a61557ee6b1223230dca12c3574db4933141d34bd5db1cc9c221 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599234.TMP
| MD5 | fd065948620570375741c6b4d2144597 |
| SHA1 | b6063b57e77639c30b95b9022f01b8ba39f95374 |
| SHA256 | 16ae153f8eaa08d718003d1aeb94575cef310d523787879111bbf45f2e7659bd |
| SHA512 | 28acabfff6aae11280071305d969a77062af3ae9ef80d129803457e865a226dafb005f3797bf9c495e58f371820bea2ef1633fc3d07ad0838405daa9d8f51db8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3d408850398d66e63e7fe01b8e7f5b58 |
| SHA1 | ca60d51e86830a1c859b15acda806da2526a0242 |
| SHA256 | 2f387e0d5d016d34039ed7354b8ba199a275e0051e1fc93a86f53df813d31ed1 |
| SHA512 | e0baf0b85963ccff4f3a7cd4c723e986e069a02dc649dd0da5d1b0496f1deca045a863154322a9c02adfdf9f063e99acab07a674762c4072c54db928713257cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2c7b92d2c0c5eaa7ed88b68bee4b9670 |
| SHA1 | 0048dc515f5f78e6d85c823a4d002fdb08542eb8 |
| SHA256 | ccbead0c1f65ee44a7ab3339330bcffd067dac985098445d5a5d04b43b87c9da |
| SHA512 | 69cd15a78ac640d0c4c5c7c8ac719bb9314accde07c5f5e64951682efc1ab7e852e66400fa8add0abfb04acab3e261ccac768b438551cd14731e0720f78e7bff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a7ecf0811fe70bf9c0358dcd5c3d4b0 |
| SHA1 | c7d427279962a1248d4e36775d01936052879d91 |
| SHA256 | 9fb925d1cb8ae73c972b4f1f3756c6afc15e499bbb47690ce98ccab3ec1f69e8 |
| SHA512 | 471b3c9ee566d9da7829bd69a124e7156a368d9f086d375e70c05952672df96ce745eef911a60ba5ce68e1af57372be5725076d438b0df208d1639137e5a3c85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 62ff6a55478a0bc2dfc3a1a69984f60f |
| SHA1 | 6d82eb17cfb0966c9f38bbbe6e2390e9892032bc |
| SHA256 | 6c0bc7137db3c0e4fba1e898f87e2b516da8fab285b4aef81564086d52ce0429 |
| SHA512 | d5335555aae0efe36813c28784fd4f7fc9dacd2f34258fe4a718a971af4f9b27176401dd73226645a262719a4853dc3c37cd4aca9fb2315e28916a6ffcc25964 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3161d1e7d537472e616e0a6413a70465 |
| SHA1 | f1bb9793f30e15c534ac35ca1a4266afbd9f7c3e |
| SHA256 | ede80bd71dfba2044ac829bcbf41debc2199c806265735ed317d4f4240eb8aeb |
| SHA512 | aa78b86017159d77121936f117940174bd6a441f45ef72e3b59771118ff99dd8c6703e7b455b609fd35daebe38c45ea5c7e7bb587219a344789f06209166e92d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 52a0af29a3a3935e2bc7935c528c7d1b |
| SHA1 | da2f7a2bd207f07e746540c91a1bbc6aae94075c |
| SHA256 | 836548eaf7417ebb897433bcfc8cb9455cb0523156ca4dcf5a22c3eae692ae8f |
| SHA512 | 543887359bbd8ad5945e028fac4497b451b344940c79d6341a147f2d5597369a6572cf98697d475af588edac039a00e91c31894b6e1551d82c44d07cca47a31c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f08e87636bba61a85aaac06327f859f |
| SHA1 | b0c28cc35503df80fa56ba32f8c26eae10104c24 |
| SHA256 | 205abc10b32f0494dc97ec40a120e81ae5e79485574e84e221a1910b9b63d18c |
| SHA512 | 95a76e449ae5d78458ec69228072d3d6387292f438dc0c537cfe9a09a74f215edf96ae05a144bbf3947014c6f3acb4bebbed20a2dcfda1bed1f874f4065b216f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 29830471609fe59327e52d52d838ccc2 |
| SHA1 | b49a09ccc680ed3e1743abcb40332cde954be2e1 |
| SHA256 | c467a15f705fe384328bfb40a865c6a6281a47fcc1f85962196d900d607645e0 |
| SHA512 | 8a23cdc493fe02c9be393d5ab60f1d3bf860b43e84648d3ac7f2227069096e2f97d46d10daaf1fae2a4a79890e45616973ffd5ff7c95c7856cfbdf0660bff873 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b84ebcb8f7ead877a8152902fea4bb91 |
| SHA1 | 6697a32142a980380898fa188761492175a2cd95 |
| SHA256 | 9ad1fa96e344d008b2bea689009a11b018095df843302913117ecd9fad99d682 |
| SHA512 | a9873ed5efe748d4b59f9792f9afc7df7de359158fe1723609cf61e1466a5aaa732110d7be636f8f50fe2aa05be31776e2a796d668486e6a051c0341006a85c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f09e5b64003a85172dd14239ded29366 |
| SHA1 | 99f542479fbaffeb23c96508baeaac4d7d2a71c8 |
| SHA256 | 6d858eca0e8aa86eacb6d1113eed074ff3806a3af1798f22e91e0a8489198d8d |
| SHA512 | a0ead75e80b3bfd36e6f74d54c0774526c130a5d89d7f8fe566af6525bc169a3a490fa07d819ac07213165dff82ce8658886fe9401a58244f55830cf17291446 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0d0aad48169298d55b704f1f0932aaa0 |
| SHA1 | 45f175e500fde594ac11a9a44246a02089508644 |
| SHA256 | 67a47c0ee22952f61aacd3954ae4df85405579a5b47538c3c334c0fbb0cf4af8 |
| SHA512 | 66a44d45ee7e828b21dbf788eb33945de08f36df57e423008f5b2b5c3c4e775ddfff5ab7e0bb24e4f927a1f5a298dd2f802f6d0d39f3df13c3bc390b4bff4a7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b4d6b50169a328466dd92c41369ccc07 |
| SHA1 | 9a03df408a66d3275e1d4c6dc942474b02d3e921 |
| SHA256 | 9be679ca02f2bc722832ead8aadc71fe9489d3a1b2e66dbe71aa1d1cd13a1a81 |
| SHA512 | 164cc50817b638db768540c405b55b647b071bb63e618e0013a9eee97d6a75e312aee350140690cfca11669d7f531b73f5a0eb837a4211b8ccec03f7173f7f10 |